Last modified: 2013-02-15 22:15:43 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T47017, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 45017 - mustBePosted unchecked for query modules
mustBePosted unchecked for query modules
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
API (Other open bugs)
unspecified
All All
: Unprioritized normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-02-14 21:22 UTC by TC
Modified: 2013-02-15 22:15 UTC (History)
10 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description TC 2013-02-14 21:22:10 UTC 
Although the autogenerated checkuser API documentation says that it accepts POST request only, it appears to accept GET requests as well. I clicked on one of the demo links, which should have failed since it's GET, and instead it actually ran the check and generated an entry in the CU log.
Comment 1 Kunal Mehta (Legoktm) 2013-02-15 12:07:30 UTC 
In api/ApiQueryCheckUser.php L204:

	public function mustBePosted() {
		return true;
	}

Yet I'm able to confirm this on my testwiki. This may be due to some recent changes in how the query/list module works in core, I'm looking into it a bit more.
Comment 2 Alex Monk 2013-02-15 20:56:57 UTC 
Gerrit change #49344
Comment 3 Alex Monk 2013-02-15 22:15:43 UTC 
Merged by Chris.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links