X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FOutputPage.php;h=8fb3bc2255782ecd498e486a048cc24c086c6c55;hb=81c291f2658836c83eb45fd958f2e54c854b4d23;hp=eb3040cd284b6adc0dd7d0e7c2fa600efa507e0a;hpb=023319f73416ec6869656975fc708afab805532a;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index eb3040cd28..8fb3bc2255 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -2852,7 +2852,6 @@ class OutputPage extends ContextSource {
 
 	private function isUserJsPreview() {
 		return $this->getConfig()->get( 'AllowUserJs' )
-			&& $this->getUser()->isLoggedIn()
 			&& $this->getTitle()
 			&& $this->getTitle()->isJsSubpage()
 			&& $this->userCanPreview();
@@ -3097,6 +3096,11 @@ class OutputPage extends ContextSource {
 		}
 
 		$user = $this->getUser();
+
+		if ( !$this->getUser()->isLoggedIn() ) {
+			// Anons have predictable edit tokens
+			return false;
+		}
 		if ( !$user->matchEditToken( $request->getVal( 'wpEditToken' ) ) ) {
 			return false;
 		}