The GET variant was already rarely used because our frontend enhances these links with a click handler that uses AJAX to make a POST request to the API. Neither the index.php url nor its token was used for the majority of users.

Simplify this by stripping the 'token' query from these urls and requiring a POST request for index.php?action=watch and unwatch.

* FormAction: Actually set a proper '<form action>' instead of letting HTMLForm default to a confusing title path (e.g. /wiki/Pagename). Article path should not be used for POST requests.
* WatchAction: Group all FormAction-related methods together.
* WatchAction: Make token consistent with other actions now that it is POST-only (no "stronger" salt containing the page title).
* Remove unused mediawiki.page.startup dependency from mediawiki.page.watch.ajax.
* WatchAction: If accessed over GET directly (e.g. for users without javascript) display a confirmation form that submits the token. Similar to PurgeAction.

Change-Id: I504f457e68a133bcfc418cff13b838080fec1008

| File |
|---|
| BaseTemplate.php |
| MediaWikiI18N.php |
| QuickTemplate.php |
| Skin.php |
| SkinApi.php |
| SkinApiTemplate.php |
| SkinException.php |
| SkinFactory.php |
| SkinFallback.php |
| SkinFallbackTemplate.php |
| SkinTemplate.php |