SECURITY: Don't cache when a call could autocreate
[lhc/web/wiklou.git] / includes / EditPage.php
index 12cd4b3..68691c5 100644 (file)
@@ -840,7 +840,6 @@ class EditPage {
                if ( $this->textbox1 === false ) {
                        return false;
                }
-               wfProxyCheck();
                return true;
        }
 
@@ -1382,6 +1381,24 @@ class EditPage {
                        return $status;
                }
 
+               $spam = $wgRequest->getText( 'wpAntispam' );
+               if ( $spam !== '' ) {
+                       wfDebugLog(
+                               'SimpleAntiSpam',
+                               $wgUser->getName() .
+                               ' editing "' .
+                               $this->mTitle->getPrefixedText() .
+                               '" submitted bogus field "' .
+                               $spam .
+                               '"'
+                       );
+                       $status->fatal( 'spamprotectionmatch', false );
+                       $status->value = self::AS_SPAM_ERROR;
+                       wfProfileOut( __METHOD__ . '-checks' );
+                       wfProfileOut( __METHOD__ );
+                       return $status;
+               }
+
                try {
                        # Construct Content object
                        $textbox_content = $this->toEditContent( $this->textbox1 );
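Review bot: The honeypot value `$spam` goes into the `SimpleAntiSpam` log line exactly as `getText()` returned it, so the submitting client controls both its length and any embedded newlines or control characters in the added `wfDebugLog(...)` call. Bound and neutralise it before logging so a single request cannot forge extra log entries or bloat the file, for example `$spamLog = substr( preg_replace( '/[\x00-\x1f\x7f]/', '?', $spam ), 0, 255 );`, and then log `$spamLog`. The enclosing method starts and ends outside this hunk, so the `wfProfileIn` calls that pair with the two added `wfProfileOut` calls cannot be checked from here.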
@@ -2191,6 +2208,14 @@ class EditPage {
                        call_user_func_array( $formCallback, array( &$wgOut ) );
                }
 
+               // Add an empty field to trip up spambots
+               $wgOut->addHTML(
+                       Xml::openElement( 'div', array( 'id' => 'antispam-container', 'style' => 'display: none;' ) )
+                       . Html::rawElement( 'label', array( 'for' => 'wpAntiSpam' ), wfMessage( 'simpleantispam-label' )->parse() )
+                       . Xml::element( 'input', array( 'type' => 'text', 'name' => 'wpAntispam', 'id' => 'wpAntispam', 'value' => '' ) )
+                       . Xml::closeElement( 'div' )
+               );
+
                wfRunHooks( 'EditPage::showEditForm:fields', array( &$this, &$wgOut ) );
 
                // Put these up at the top to ensure they aren't lost on early form submission
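Review bot: The label's `for` attribute is `wpAntiSpam` (capital S) while the input's `id` and `name` are `wpAntispam`, so the label is not associated with the field it is meant to describe. That matters here because the label is the only thing telling a person who reaches the hidden field, for example with a user agent that ignores the inline `display: none;`, to leave it empty, and a filled field is rejected as spam in the submit path. Change it to `array( 'for' => 'wpAntispam' )`. Browser autofill may also populate a hidden text input, so consider adding `'autocomplete' => 'off'` to the input attributes.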
@@ -2859,7 +2884,15 @@ HTML
                return self::getCopyrightWarning( $this->mTitle );
        }
 
-       public static function getCopyrightWarning( $title ) {
+       /**
+        * Get the copyright warning, by default returns wikitext
+        *
+        * @param Title $title
+        * @param string $format output format, valid values are any function of
+        *                       a Message object
+        * @return string
+        */
+       public static function getCopyrightWarning( $title, $format = 'plain' ) {
                global $wgRightsText;
                if ( $wgRightsText ) {
                        $copywarnMsg = array( 'copyrightwarning',
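Review bot: `$format` is used as a method name on the Message object (`->$format()` in the next hunk) with no check on its value, and the new docblock explicitly allows "any function of a Message object". A method that does not return a string would break the concatenation into the `<div>`, and if a caller ever derives the value from request data this becomes an arbitrary method call on a public static helper. Restrict it to the output formats at the top of the function, e.g. `if ( !in_array( $format, array( 'plain', 'text', 'escaped', 'parse', 'parseAsBlock' ), true ) ) { $format = 'plain'; }`, and list those values in the `@param` text. The function body continues past this hunk.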
@@ -2873,7 +2906,7 @@ HTML
                wfRunHooks( 'EditPageCopyrightWarning', array( $title, &$copywarnMsg ) );
 
                return "<div id=\"editpage-copywarn\">\n" .
-                       call_user_func_array( 'wfMessage', $copywarnMsg )->plain() . "\n</div>";
+                       call_user_func_array( 'wfMessage', $copywarnMsg )->$format() . "\n</div>";
        }
 
        /**
@@ -2904,7 +2937,7 @@ HTML
 
                foreach ( $output->getLimitReportData() as $key => $value ) {
                        if ( wfRunHooks( 'ParserLimitReportFormat',
-                               array( $key, $value, &$limitReport, true, true )
+                               array( $key, &$value, &$limitReport, true, true )
                        ) ) {
                                $keyMsg = wfMessage( $key );
                                $valueMsg = wfMessage( array( "$key-value-html", "$key-value" ) );
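Review bot: Passing `&$value` changes the `ParserLimitReportFormat` hook contract, since handlers can now rewrite the value that the rest of the loop body uses, but nothing at the call site says so. Add a comment above the `wfRunHooks` call such as `// $value is by reference: handlers may replace it before it is formatted below`, and update the hook's documentation to match. The loop body continues outside this hunk, so it is worth confirming that the handler-modified value still goes through the same escaping as before when it is rendered into the HTML limit report.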