Last modified: 2014-07-30 02:07:22 UTC
Created attachment 15766: patch to salt the token (Going back and forth on whether I should file under security. Decided to err on the side of caution, but this really isn't a serious issue, just something that should be done as a precaution.) Special:Search has an nsToken parameter that's the same as the edit token. It's used for saving namespace selection to preferences. The parameter is passed as a GET parameter. Since edit tokens are secret and GET parameters can end up showing up in public places (if people copy-paste URLs, log files, etc.), the token should be salted like we do with "watch this page" tokens. For reference, the change is in commit 5dc4dc099d8799cf98dc
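Added illustration of the point made in this report (example code, not MediaWiki's own token implementation): deriving the token from the session secret plus an action-specific salt means a token that leaks through a search URL does not verify for an edit, whereas an unsalted token does. The function names, the salt strings and the HMAC-SHA256 construction are assumptions for this example.

```python
import hashlib
import hmac
import secrets


def unsalted_token(session_secret: bytes) -> str:
    """Single token per session, reused for every action (the pre-patch situation)."""
    return hashlib.sha256(session_secret).hexdigest()


def issue_token(session_secret: bytes, salt: str) -> str:
    """Action-bound token: same session secret, but a distinct salt per action.

    Salt strings such as "search-namespaces" and "edit" are constructed for
    this example; the real project uses its own names.
    """
    return hmac.new(session_secret, salt.encode(), hashlib.sha256).hexdigest()


def verify_token(session_secret: bytes, salt: str, presented: str) -> bool:
    """Recompute the expected token for this action and compare in constant time."""
    expected = issue_token(session_secret, salt)
    return hmac.compare_digest(expected, presented)


def leaked_search_token_outcomes(session_secret: bytes) -> dict:
    """Simulate a token that leaked via a GET URL and ask what it is still good for."""
    # Pre-patch: the search form carries the plain edit token.
    leaked_unsalted = unsalted_token(session_secret)
    # Post-patch: the search form carries a token salted for that action only.
    leaked_salted = issue_token(session_secret, "search-namespaces")
    return {
        # Unsalted: the leaked value *is* the edit token, so it is reusable.
        "unsalted_reusable_for_edit": hmac.compare_digest(
            leaked_unsalted, unsalted_token(session_secret)
        ),
        # Salted: still valid for the action it was issued for ...
        "salted_valid_for_search": verify_token(
            session_secret, "search-namespaces", leaked_salted
        ),
        # ... but useless for a different action such as an edit.
        "salted_reusable_for_edit": verify_token(session_secret, "edit", leaked_salted),
    }


if __name__ == "__main__":
    print(leaked_search_token_outcomes(secrets.token_bytes(32)))
```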
Yes, please. Since there's no threat of stealing the token directly, I'm fine if this is made public (we can put the patch in gerrit, etc). But we really should be salting the token as a standard hardening / precaution. Thanks Bawolff!
Sorry. I did think the token was going to make the URL uglier to share but I neglected to think it could be reused.
Change 142900 had a related patch set uploaded by Brian Wolff: Salt the "nsToken" used for Special:Search namespace remembering https://gerrit.wikimedia.org/r/142900
Change 142900 merged by jenkins-bot: Salt the "nsToken" used for Special:Search namespace remembering https://gerrit.wikimedia.org/r/142900