Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #45613 Add CSRF tokens to legacy MediaWiki plugin administration
    Infos
    #45613
    Clarck Robinson (robinsoc)
    2025-11-18 22:03
    2025-11-12 12:06
    47339
    Details
    Add CSRF tokens to legacy MediaWiki plugin administration

    Form processing already make sure the request has been made with a POST (so it benefits from the SameSite cookie attribute set to Lax as well as the __Host- prefix).

    Should still have CSRF token protection per our secure coding guidelines but this does not represent an immediate risk.

    Mediawiki
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2025-11-13
    Attachments
    Empty
    References
    Referencing request #45613

    Git commit

    tuleap/tuleap/stable

    feat: request #45613 Add CSRF tokens to legacy MediaWiki plugin administration f27a868893
    User avatar Thomas Gerbet (tgerbet) , 2025-11-12 16:55
    Merge commit 'refs/changes/56/36156/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 70c325cd17
    User avatar Nicolas Terray (nterray) , 2025-11-13 10:16
    Display settings

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2025-11-12 16:21
    • Summary
      -Missing CSRF protections in Mediawiki 
      +Add CSRF tokens to legacy MediaWiki plugin administration 
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    • Status changed from New to Under implementation
    • Assigned to changed from None to Thomas Gerbet (tgerbet)