Daniel K. Schneider wrote:
Hi, until I made an upgrade from 1.15.1 (applied the 15.2,3 and 4 patches) I was happily editing my wiki pages with gnu emacs via ee.pl and a bookmarklet that goes: javascript:location=location+'?action=edit&externaledit=true';
(http://www.mediawiki.org/wiki/Manual:External_editors)
Now, external editing is broken I and I suspect that this is related to (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to be submitted along with the user name and password. Patch by Roan Kattouw.
Any ideas on what I could/should do to get TRUE external editing back ? I don't mind installing stuff. I am not much of a programmer/sysadmin, but I can read :)
You are right. Where it is doing: $response=$browser->post($login_url,@ns_headers, Content=>[wpName=>$username,wpPassword=>$password,wpRemember=>"1",wpLoginAttempt=>"Log in"]); it should be fetching a login token, and then using it to send the password.
I also see many outdated methods, like the fake user agent or extracting items from the page source instead of using the api (which didn't exist when it was created).
Is anyone proficient in Perl here?
I filed bugs 23764 and 23765 to keep track of it.