Am 02.06.2011 04:33, schrieb Mark A. Hershberger:
=== Implement a way for _only authorized users to use
Special:PasswordReset on
other usernames
===
https://bugzilla.wikimedia.org/29135
A valid feature request, but just that.... a lot of details, so this makes a good one for
me to promote for a weekend
sprint.
Because the implementation would touch some sensitive areas
(password/login), I refrained from patching and would like someone to
give me hints, or to help directly there.
* Problem to be solved:
User A can trigger a password-mail to any other user B by accessing (simply by
accessing Special:PasswordReset and inputting username B into the field)
* Situation:
When logged-in users visit Special:PasswordReset,
they see an _emtpy_ input field for entering an arbitrary username.
The _empty_ field does not make sense, because:...
... read the cumulative summary on
https://bugzilla.wikimedia.org/show_bug.cgi?id=29135#c6