Merge "(bug 56849) Deprecate dangerous edittime-based content update functions"
index 0356d45..dcd2443 100644 (file)
@@ -27,8 +27,8 @@
  * @ingroup SpecialPage
  */
 class SpecialChangePassword extends FormSpecialPage {
-
-       protected $mUserName, $mDomain;
+       protected $mUserName;
+       protected $mDomain;
 
        // Optional Wikitext Message to show above the password change form
        protected $mPreTextMessage = null;
@@ -83,7 +83,7 @@ class SpecialChangePassword extends FormSpecialPage {
                $request = $this->getRequest();
 
                $oldpassMsg = $this->mOldPassMsg;
-               if ( !isset( $oldpassMsg ) ) {
+               if ( $oldpassMsg === null ) {
                        $oldpassMsg = $user->isLoggedIn() ? 'oldpassword' : 'resetpass-temp-password';
                }
 
@@ -107,6 +107,17 @@ class SpecialChangePassword extends FormSpecialPage {
                        ),
                );
 
+               if ( !$this->getUser()->isLoggedIn() ) {
+                       if ( !LoginForm::getLoginToken() ) {
+                               LoginForm::setLoginToken();
+                       }
+                       $fields['LoginOnChangeToken'] = array(
+                               'type' => 'hidden',
+                               'label' => 'Change Password Token',
+                               'default' => LoginForm::getLoginToken(),
+                       );
+               }
+
                $extraFields = array();
                wfRunHooks( 'ChangePasswordForm', array( &$extraFields ) );
                foreach ( $extraFields as $extra ) {
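Review bot: The `'label' => 'Change Password Token'` entry on the new hidden field is a raw English string where the neighbouring fields appear to use message keys, and a hidden input renders no label, so the text is dead either way; drop the `'label'` line, or, if a label is wanted for form descriptors, use the `'label-message'` convention with an i18n key (assuming HTMLForm supports it here, as it does elsewhere in MediaWiki). Worth a one-line comment on the `if ( !$this->getUser()->isLoggedIn() )` branch stating why the login token is reused, e.g. `// Anonymous users (temporary-password resets) have no edit token; bind the form to the login token instead (bug 62497)`. The enclosing getFormFields()-style method starts before and ends after this hunk.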
@@ -160,6 +171,13 @@ class SpecialChangePassword extends FormSpecialPage {
                        return false;
                }
 
+               if ( !$this->getUser()->isLoggedIn()
+                       && $request->getVal( 'wpLoginOnChangeToken' ) !== LoginForm::getLoginToken()
+               ) {
+                       // Potential CSRF (bug 62497)
+                       return false;
+               }
+
                if ( $request->getCheck( 'wpCancel' ) ) {
                        $titleObj = Title::newFromText( $request->getVal( 'returnto' ) );
                        if ( !$titleObj instanceof Title ) {
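Review bot: The CSRF check compares the submitted token with `!==`, which is a plain byte-wise string compare rather than a constant-time one; if the project targets PHP 5.6+ use `hash_equals( LoginForm::getLoginToken(), (string)$request->getVal( 'wpLoginOnChangeToken' ) )`, otherwise the codebase's own constant-time helper if one exists. The guard also fails silently: on mismatch it just `return false`s, so a user whose session expired mid-form gets the form back with no explanation — returning a status carrying a session-failure message, as the login form does, would be clearer (I am inferring how the form layer treats a false return; confirm). The check does fail closed when `getLoginToken()` yields an empty value, since `getVal()` returns null for a missing field. The enclosing onSubmit() starts before and ends after this hunk.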
@@ -277,7 +295,8 @@ class SpecialChangePassword extends FormSpecialPage {
                if ( $isSelf ) {
                        // This is needed to keep the user connected since
                        // changing the password also modifies the user's token.
-                       $user->setCookies();
+                       $remember = $this->getRequest()->getCookie( 'Token' ) !== null;
+                       $user->setCookies( null, null, $remember );
                }
                $user->resetPasswordExpiration();
                $user->saveSettings();
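Review bot: The new `$remember` derivation is unexplained: nothing at this site says why the presence of a `Token` cookie stands in for the user's "remember me" choice, so a reader will wonder whether a stale cookie keeps the session persistent. Add `// Preserve the "remember me" choice: the Token cookie is only set when the user opted in at login` above it, hedged if that is not the only way the cookie gets set. Also confirm that `getCookie( 'Token' )` applies the cookie prefix internally, since the literal is unprefixed here. The enclosing method starts before and ends after this hunk.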