
ApiRemoveClaims must check write mode, tokens
Closed, Resolved · Public

Description

ApiRemoveClaims currently modifies and saves entity data directly, without any checks. It should use EditEntity to perform token and permission checks. It should also implement isWriteMode(), needsToken(), and mustBePosted() to return true.


Version: unspecified
Severity: critical

Details

Reference
bz42777
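
An added sketch of what the three flags named in the description gate; it is not code from Wikibase or MediaWiki, and it does not model EditEntity. The dispatcher, class names, and session fields are hypothetical; only the method names isWriteMode(), needsToken(), and mustBePosted() come from the task.

```php
<?php
// Added illustration, not MediaWiki or Wikibase code. Only the three flag
// method names come from the task; everything else is hypothetical.
abstract class ModuleSketch {
    public function isWriteMode() { return false; }
    public function needsToken() { return false; }
    public function mustBePosted() { return false; }
    abstract public function execute( array $params );
}

// Before the fix: changes data but keeps the permissive defaults.
class RemoveClaimsUnchecked extends ModuleSketch {
    public function execute( array $params ) { return 'claims removed'; }
}

// What the task asks for: all three flags return true.
class RemoveClaimsChecked extends RemoveClaimsUnchecked {
    public function isWriteMode() { return true; }
    public function needsToken() { return true; }
    public function mustBePosted() { return true; }
}

// Hypothetical dispatcher: runs the module only if each declared requirement holds.
function dispatch( ModuleSketch $m, array $req, array $session ) {
    if ( $m->mustBePosted() && $req['method'] !== 'POST' ) {
        return 'rejected: must be POSTed';
    }
    if ( $m->isWriteMode() && ( $session['readOnly'] || !$session['canEdit'] ) ) {
        return 'rejected: write not permitted';
    }
    if ( $m->needsToken() ) {
        $sent = isset( $req['params']['token'] ) ? (string)$req['params']['token'] : '';
        // Constant-time comparison with the token bound to the session.
        if ( !hash_equals( $session['editToken'], $sent ) ) {
            return 'rejected: bad token';
        }
    }
    return $m->execute( $req['params'] );
}

// Constructed sample data: one GET without a token, one POST carrying the session token.
$session = [ 'readOnly' => false, 'canEdit' => true, 'editToken' => bin2hex( random_bytes( 16 ) ) ];
$noToken = [ 'method' => 'GET', 'params' => [ 'claim' => 'constructed-claim-id' ] ];
$withToken = [ 'method' => 'POST', 'params' => [ 'claim' => 'constructed-claim-id', 'token' => $session['editToken'] ] ];

foreach ( [ new RemoveClaimsUnchecked(), new RemoveClaimsChecked() ] as $m ) {
    echo get_class( $m ), ' GET, no token: ', dispatch( $m, $noToken, $session ), "\n";
    echo get_class( $m ), ' POST + token:  ', dispatch( $m, $withToken, $session ), "\n";
}
```

The unchecked module executes both requests, while the checked one refuses the tokenless GET and runs only the POST that carries the session's token.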

Event Timeline

bzimport raised the priority of this task to Needs Triage. (Nov 22 2014, 12:52 AM)
bzimport set Reference to bz42777.

merged:
Change I33d76687: Use EditEntity in removeclaims and added token requirement

Verified in Wikidata demo sprint 26

Restricted Application added a subscriber: StudiesWorld.