Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/tests/phpunit/includes/user
History
Brad Jorsch 6c0aa7c26b SECURITY: Move 'UserGetRights' call before application of Session::getAllowedUserRights() 
This prevents hook functions from accidentally adding rights that should
be denied based on the session grants.

If some extension really needs to be able to override session grants,
add a new hook where the old call was, with documentation explicitly
warning about the security implications.

Bug: T139670
Change-Id: I6392cf4d7cc9d3ea96554b25bb5f8abb66e9031b
2016-08-23 04:02:08 +00:00
..
BotPasswordTest.php Remove uses of deprecated TestUser properties 2016-06-22 16:40:31 +01:00
CentralIdLookupTest.php Whenever possible, reuse User objects in unit tests 2016-05-26 20:42:31 +00:00
LocalIdLookupTest.php Whenever possible, reuse User objects in unit tests 2016-05-26 20:42:31 +00:00
PasswordResetTest.php Use AuthManager on special pages 2016-05-16 15:12:13 +00:00
UserArrayFromResultTest.php Convert all array() syntax to [] 2016-02-17 01:33:00 -08:00
UserTest.php SECURITY: Move 'UserGetRights' call before application of Session::getAllowedUserRights() 2016-08-23 04:02:08 +00:00