Page MenuHomePhabricator

CentralAuth MergeAccount doesn't check edit token
Closed, ResolvedPublic

Description

Special:MergeAccount puts an edit token in all of the forms, but never checks that they are valid.


Version: master
Severity: normal

Details

Reference
bz70469

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:53 AM
bzimport set Reference to bz70469.
csteipp created this task.Sep 5 2014, 10:03 PM

Created attachment 16390
patch

Attached:

Working fine in my testing, and fixes the problem. I'll get this deployed.

Privately cherry picked from 1.24wmf21 to 1.24wmf22.

Created attachment 16723
Patch after file reorg

Attached: