
Special:UserLogout should require a token or confirmation from the user
Closed, Resolved · Public

Description

Currently, [[Special:UserLogout]] can be linked to as a normal wikilink, something that can be exploited by disguising it as a link to, say, a user talk page.

As [[Special:UserLogout]] logs users out as soon as the link is clicked, a user who clicks the link by accident must log back in manually. I propose that [[Special:UserLogout]] should instead prompt "Would you like to log out?" if accessed by any method other than clicking "Log out" in the personal links in the corner of the screen, in order to, in part, prevent this sort of click-jacking prank.


Version: unspecified
Severity: normal

Details

Reference
bz27393

Related Objects

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:16 PM
bzimport added a project: Security-Core.
bzimport set Reference to bz27393.
bzimport changed Security from none to Software security bug.
Restricted Application changed the visibility from "Public (No Login Required)" to "acl*security (Project)". Nov 21 2014, 11:16 PM
Restricted Application changed the edit policy from "All Users" to "acl*security (Project)".

This is helpful to force log out of renamed user accounts, because sometimes there is editing under the old account after the rename. Then you can say they should click a link with Special:UserLogout as target and log in with the new account (not all users are able to log out with the link in the skin ...).

Nevertheless, an "are you sure?" prompt would be nice.

[Resetting bug assignee, as 21 months of no updates imply that nobody is working on this.]

Like other user actions we expose via index.php for the user interface, this action should use a (salted) token.

The link displayed in the UI can have the token inserted in the hyperlink.

When accessing the Special page directly without or with an invalid token, the user gets the form (with a, now valid, token as hidden field) and may submit this by pressing a button.

Similar to rollback, watch, purge, and markpatrolled actions.
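As an added illustration of the scheme this comment describes (not MediaWiki's own code), the handler below logs out only when the request carries a salted token bound to the session, and otherwise answers with a confirmation form that embeds a fresh token; the HMAC construction, `SITE_SECRET` and the function names are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed server-side secret; a real deployment loads it from configuration.
SITE_SECRET = b"constructed-site-secret"


def make_logout_token(session_id: str, salt: Optional[str] = None) -> str:
    """Salted token bound to one session, formatted '<salt>+<mac>'.
    The salt travels inside the token so the verifier can recompute the MAC."""
    salt = salt or secrets.token_hex(8)
    mac = hmac.new(SITE_SECRET, f"{session_id}:{salt}".encode(), hashlib.sha256).hexdigest()
    return f"{salt}+{mac}"


def check_logout_token(session_id: str, token: Optional[str]) -> bool:
    """True only if the token was minted for this session (constant-time compare)."""
    if not token or "+" not in token:
        return False
    salt, _ = token.split("+", 1)
    return hmac.compare_digest(make_logout_token(session_id, salt), token)


def handle_logout(session: dict, params: dict) -> dict:
    """Special:UserLogout with the token check.
    A request with a valid token (the skin's link or the submitted form) logs out.
    Anything else, e.g. a plain wikilink, only receives the confirmation form,
    whose hidden field carries a now-valid token for the button press."""
    token = params.get("token")
    if session.get("user") and check_logout_token(session["id"], token):
        session.pop("user")
        return {"status": "logged_out"}
    return {"status": "confirm", "form_token": make_logout_token(session["id"])}


def skin_logout_link(session: dict) -> str:
    """The personal-links entry with the token inserted into the hyperlink."""
    return f"/wiki/Special:UserLogout?token={make_logout_token(session['id'])}"
```

A token from another user's session, or no token at all, never logs the current session out; it only yields the confirmation form.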

*** This bug has been marked as a duplicate of bug 23227 ***
Urbanecm changed the visibility from "Custom Policy" to "Public (No Login Required)". Nov 29 2021, 1:31 PM
Urbanecm changed the edit policy from "Custom Policy" to "All Users".
Urbanecm subscribed.

Published, as it is a duplicate of T25227: Use token when logging out.