With the merge of Icb674095,[1] use of API action=logout will require a
CSRF token. This was considered a security issue, so the usual deprecation
process was not followed. See T25227[2] for details.
Clients that do not use a CSRF token with action=logout will receive a
badtoken error message ***and will not be logged out***.
This change should be deployed to Wikimedia wikis with 1.34.0-wmf.3. See
https://www.mediawiki.org/wiki/MediaWiki_1.34/Roadmap for a schedule.
Overall client impact is expected to be relatively low, as gathered
statistics indicate there are relatively few users of this API call. None
the less, maintainers should check their code for use of action=logout and
update as necessary to maintain expected operation.
[1]: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/504565
[2]: https://phabricator.wikimedia.orgdo not use /T25227
<https://phabricator.wikimedia.org/T25227>
[3]: https://phabricator.wikimedia.org/T25227#4902709
--
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation
When list=allusers is used with auactiveusers, a property 'recenteditcount'
is returned in the result. In bug 67301[1] it was pointed out that this
property is including various other logged actions, and so should really be
named something like "recentactions".
Gerrit change 130093,[2] merged today, adds the "recentactions" result
property. "recenteditcount" is also returned for backwards compatability,
but will be removed at some point during the MediaWiki 1.25 development
cycle.
Any clients using this property should be updated to use the new property
name. The new property will be available on WMF wikis with 1.24wmf12, see
https://www.mediawiki.org/wiki/MediaWiki_1.24/Roadmap for the schedule.
[1]: https://bugzilla.wikimedia.org/show_bug.cgi?id=67301
[2]: https://gerrit.wikimedia.org/r/#/c/130093/
--
Brad Jorsch (Anomie)
Software Engineer
Wikimedia Foundation