[Mediawiki-l] External editing broken in MW 1.15.4 ?

Platonides Platonides at gmail.com
Wed Jun 2 22:23:08 UTC 2010


Daniel K. Schneider wrote:
> Hi,
> until I made an upgrade from 1.15.1 (applied the 15.2,3 and 4 patches) I 
> was happily editing my wiki pages with gnu emacs via ee.pl
> and a bookmarklet that goes:
>   javascript:location=location+'?action=edit&externaledit=true';
> 
> (http://www.mediawiki.org/wiki/Manual:External_editors)
> 
> Now, external editing is broken I and I suspect that this is related to
>   (bug 23076)
>   Fixed login CSRF vulnerability. Logins now require a token to be
>   submitted along with the user name and password. Patch by Roan Kattouw.
> 
> Any ideas on what I could/should do to get TRUE external editing back ?
> I don't mind installing stuff. I am not much of a programmer/sysadmin, 
> but I can read :)

You are right.
Where it is doing: $response=$browser->post($login_url, en ns_headers,
Content=>[wpName=>$username,wpPassword=>$password,wpRemember=>"1",wpLoginAttempt=>"Log
in"]);
it should be fetching a login token, and then using it to send the password.


I also see many outdated methods, like the fake user agent or extracting
items from the page source instead of using the api (which didn't exist
when it was created).

Is anyone proficient in Perl here?


I filed bugs 23764 and 23765 to keep track of it.




More information about the MediaWiki-l mailing list