Am 02.06.2011 04:33, schrieb Mark A. Hershberger:
=== Implement a way for _only authorized users to use Special:PasswordReset on other usernames === https://bugzilla.wikimedia.org/29135
A valid feature request, but just that.... a lot of details, so this makes a good one for me to promote for a weekend sprint.
Because the implementation would touch some sensitive areas (password/login), I refrained from patching and would like someone to give me hints, or to help directly there.
* Problem to be solved: User A can trigger a password-mail to any other user B by accessing (simply by accessing Special:PasswordReset and inputting username B into the field)
* Situation: When logged-in users visit Special:PasswordReset, they see an _emtpy_ input field for entering an arbitrary username.
The _empty_ field does not make sense, because:...
... read the cumulative summary on https://bugzilla.wikimedia.org/show_bug.cgi?id=29135#c6