Last modified: 2006-10-25 08:33:36 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 7369 - Allow "Show Changes" without requiring edit token.
Allow "Show Changes" without requiring edit token.
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Page editing (Other open bugs)
1.8.x
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-19 02:06 UTC by Nick Jenkins
Modified: 2006-10-25 08:33 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
Untested patch (855 bytes, patch)
2006-10-25 07:57 UTC, Andrew Garrett
Details

Description Nick Jenkins 2006-09-19 02:06:48 UTC
Currently an external site can POST data to MediaWiki to get a preview of a page
with modified wiki text.

However, currently you cannot perform a "Show Changes" on the exact same edit
without having the user's edit token. It would be nice to allow this, since
"Show Changes" is:
a) More efficient - up to a factor of 20 from
http://mail.wikipedia.org/pipermail/wikitech-l/2006-July/037315.html
b) More appropriate in some situations (such as an external tool which is
proposing possible cleanups or improvements to an article, and wants to clearly
highlight what's about to change).

The relevant function is EditPage::importFormData() from includes/EditPage.php ,
which also includes this text:
-------------------------------
   # Page might be a hack attempt posted from
   # an external site. Preview instead of saving.
-------------------------------
... it might also be a non-malicious show changes attempt posted from an
external site, which wants to show changes instead of saving :-) In which case
an "else if ($this->diff)" clause or similar could be useful for when the token
is not valid, but only a show changes was requested.
Comment 1 Andrew Garrett 2006-10-25 07:57:47 UTC
Created attachment 2552 [details]
Untested patch

This patch should fix the issue. Please take a close look at it before
committing.
Comment 2 Nick Jenkins 2006-10-25 08:33:36 UTC
Patch checked in as r17246 

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links