Page MenuHomePhabricator

EditEntity.php:attemptSave(): check token
Closed, ResolvedPublic

Description


Version: unspecified
Severity: normal
Whiteboard: storypoints: 1

Details

Reference
bz40558

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 12:45 AM
bzimport set Reference to bz40558.
bzimport added a subscriber: Unknown Object (MLST).
Abraham created this task.Sep 27 2012, 11:25 AM

In EditEntity.php:attemptSave(), please check the token by default (or set $token=null, so the check fails), and explicitly pass in a value when you want to bypass the checking.

Verified in Wikidata demo time for sprint 18