Page MenuHomePhabricator
Create Task
Maniphest T46563

Use token for reseting the update markers on the watchlist
Closed, DuplicatePublic
Actions

Description

Since fix of T25655 adding a page to the watchlist needs a token.
The api module setnotificationtimestamp also required a token.
MediaWiki should force a token at least for the reset="all" on the watchlist.

Version: 1.21.x
Severity: normal

Details

Reference
bz44563

Related Objects

Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 1:26 AM
bzimport added a project: MediaWiki-Watchlist.
bzimport set Reference to bz44563.
bzimport added a subscriber: Unknown Object (MLST).
duplicatebug created this task.Jan 31 2013, 7:19 PM
Aklapper added a comment.Aug 15 2014, 3:24 PM

should force a token

What is currently the problem? Things don't work?

duplicatebug added a comment.Aug 16 2014, 7:36 PM

The reset option does write actions on the database, so this should be protected against CSRF or so. You can submit a post against https://www.mediawiki.org/wiki/Special:Watchlist?reset=all and the show marker on the watclist of the logged in user gets cleared.

duplicatebug unsubscribed.Dec 13 2014, 4:10 PM
Aklapper lowered the priority of this task from High to Low.Nov 27 2019, 5:12 PM
Aklapper edited subscribers, added: Aklapper; removed: wikibugs-l-list.
Restricted Application added a project: Growth-Team. · View Herald TranscriptNov 27 2019, 5:12 PM
Aklapper updated the task description. (Show Details)Nov 27 2019, 5:12 PM
MBinder_WMF added a project: Growth-Team-Filtering.Apr 15 2021, 7:05 PM
Umherirrender closed this task as a duplicate of T150044: "Mark all pages visited" on the watchlist does not require a CSRF token.Aug 19 2021, 10:17 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL