dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
* (bug 23276) Add hook to Special:NewPages to modify query
[lhc/web/wiklou.git] / includes / specials / SpecialUserlogout.php
diff --git a/includes/specials/SpecialUserlogout.php b/includes/specials/SpecialUserlogout.php
index 137eadb..e23df61 100644 (file)
--- a/includes/specials/SpecialUserlogout.php
+++ b/includes/specials/SpecialUserlogout.php
@@ -10,9 +10,19 @@
 function wfSpecialUserlogout() {
        global $wgUser, $wgOut;
 
+       /**
+        * Some satellite ISPs use broken precaching schemes that log people out straight after
+        * they're logged in (bug 17790). Luckily, there's a way to detect such requests.
+        */
+       if ( isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], '&' ) !== false ) {
+               wfDebug( "Special:Userlogout request {$_SERVER['REQUEST_URI']} looks suspicious, denying.\n" );
+               wfHttpError( 400, wfMsg( 'loginerror' ), wfMsg( 'suspicious-userlogout' ) );
+               return;
+       }
+       
        $oldName = $wgUser->getName();
        $wgUser->logout();
-       $wgOut->setRobotpolicy( 'noindex,nofollow' );
+       $wgOut->setRobotPolicy( 'noindex,nofollow' );
 
        // Hook.
        $injected_html = '';
Wiklou, le Wiki du Wiklou