Page MenuHomePhabricator
Create Task
Maniphest T35992

Allow anon a formless purge with POST
Closed, ResolvedPublic
Actions

Description

Under 1.17 was it possible for anon to do a purge as POST without getting a form.

It is possible to get this back? The API allows this.

The 1.17 code has a $wgRequest->wasPosted() [1], but that is lost under 1.18 and only the user right 'purge' is used to make the difference [2].

Thanks.

[1] https://svn.wikimedia.org/viewvc/mediawiki/branches/wmf/1.17wmf1/includes/Article.php?view=markup#l1642
[2] https://svn.wikimedia.org/viewvc/mediawiki/branches/wmf/1.18wmf1/includes/actions/PurgeAction.php?view=markup#l63

Version: 1.20.x
Severity: normal

Details

Reference
bz33992
TitleReferenceAuthorSource BranchDest Branch
maintain-kubeusers: Bump deployments for eranbotrepos/cloud/toolforge/toolforge-deploy!221taavitaavi/eranbotmain
Customize query in GitLab

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 12:09 AM
bzimport added projects: MW-1.19.0-release, MediaWiki-General.
bzimport set Reference to bz33992.
Umherirrender created this task.Jan 27 2012, 4:11 PM
MarkAHershberger added a comment.Jan 30 2012, 6:09 PM

marking as deployment blocker since this is apparently a regression that was in 1.18. Also, need a test for this if it is fixed to keep it from happening again.

RobLa-WMF added a comment.Jan 30 2012, 10:57 PM

Aaron has an idea for how to fix this. Seems to have been introduced with r86041

aaron added a comment.Jan 30 2012, 11:44 PM

Fixed in r110342.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL