Last modified: 2014-08-16 19:36:38 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T46563, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 44563 - Use token for reseting the update markers on the watchlist


Summary:	Use token for reseting the update markers on the watchlist

Status:	NEW

Product:	MediaWiki
Classification:	Unclassified
Component:	Watchlist (Other open bugs)
Version:	1.21.x
Hardware:	All All

Importance:	High normal (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2013-01-31 19:19 UTC by db [inactive,noenotif]
Modified:	2014-08-16 19:36 UTC (History)
CC List:	0 users

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description db [inactive,noenotif] 2013-01-31 19:19:01 UTC

Since fix of bug 27655 adding a page to the watchlist needs a token.
The api module setnotificationtimestamp also required a token.
MediaWiki should force a token at least for the reset="all" on the watchlist.

Comment 1 Andre Klapper 2014-08-15 15:24:49 UTC

> should force a token

What is currently the problem? Things don't work?

Comment 2 db [inactive,noenotif] 2014-08-16 19:36:38 UTC

The reset option does write actions on the database, so this should be protected against CSRF or so. You can submit a post against https://www.mediawiki.org/wiki/Special:Watchlist?reset=all and the show marker on the watclist of the logged in user gets cleared.

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links