X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fspecials%2FSpecialChangePassword.php;h=dcd244365690229f37f4360a381ee5884aeae94f;hb=74a77b0db63d57214eef470b043e38e779092810;hp=0356d45b7381926fcd0647dccea96b4035a7af60;hpb=72b8742982d222dfbac9b03cc01d3fa89e1f2816;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/specials/SpecialChangePassword.php b/includes/specials/SpecialChangePassword.php
index 0356d45b73..dcd2443656 100644
--- a/includes/specials/SpecialChangePassword.php
+++ b/includes/specials/SpecialChangePassword.php
@@ -27,8 +27,8 @@
 * @ingroup SpecialPage
 */
 class SpecialChangePassword extends FormSpecialPage {
-
- protected $mUserName, $mDomain;
+ protected $mUserName;
+ protected $mDomain;
 
 // Optional Wikitext Message to show above the password change form
 protected $mPreTextMessage = null;
@@ -83,7 +83,7 @@ class SpecialChangePassword extends FormSpecialPage {
 $request = $this->getRequest();
 
 $oldpassMsg = $this->mOldPassMsg;
- if ( !isset( $oldpassMsg ) ) {
+ if ( $oldpassMsg === null ) {
 $oldpassMsg = $user->isLoggedIn() ? 'oldpassword' : 'resetpass-temp-password';
 }
 
@@ -107,6 +107,17 @@ class SpecialChangePassword extends FormSpecialPage {
 ),
 );
 
+ if ( !$this->getUser()->isLoggedIn() ) {
+ if ( !LoginForm::getLoginToken() ) {
+ LoginForm::setLoginToken();
+ }
+ $fields['LoginOnChangeToken'] = array(
+ 'type' => 'hidden',
+ 'label' => 'Change Password Token',
+ 'default' => LoginForm::getLoginToken(),
+ );
+ }
+
 $extraFields = array();
 wfRunHooks( 'ChangePasswordForm', array( &$extraFields ) );
 foreach ( $extraFields as $extra ) {
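Review bot: The hidden `LoginOnChangeToken` field carries a hard-coded English `'label' => 'Change Password Token'` where the rest of this form is built from message keys; a hidden input never renders its label, so the entry should be dropped, or switched to `'label-message'` if something must be kept. The code also does not say why the login token is being reused as the anti-CSRF secret for anonymous submitters; a comment above the `if` such as `// Anonymous users have no session-bound edit token, so reuse the login token as the CSRF token for this form` would spare the next maintainer the archaeology — confirm that this is indeed the reason, since the edit-token behaviour for anonymous users is not visible here. `LoginForm::setLoginToken()` is only called when no token exists, so one session-bound value is reused across requests, which is acceptable for a CSRF secret as long as it is never placed in a URL. The enclosing method starts and ends outside this hunk.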
@@ -160,6 +171,13 @@ class SpecialChangePassword extends FormSpecialPage {
 return false;
 }
 
+ if ( !$this->getUser()->isLoggedIn()
+ && $request->getVal( 'wpLoginOnChangeToken' ) !== LoginForm::getLoginToken()
+ ) {
+ // Potential CSRF (bug 62497)
+ return false;
+ }
+
 if ( $request->getCheck( 'wpCancel' ) ) {
 $titleObj = Title::newFromText( $request->getVal( 'returnto' ) );
 if ( !$titleObj instanceof Title ) {
@@ -277,7 +295,8 @@ class SpecialChangePassword extends FormSpecialPage {
 if ( $isSelf ) {
 // This is needed to keep the user connected since
 // changing the password also modifies the user's token.
- $user->setCookies();
+ $remember = $this->getRequest()->getCookie( 'Token' ) !== null;
+ $user->setCookies( null, null, $remember );
 }
 $user->resetPasswordExpiration();
 $user->saveSettings();
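Review bot: The new CSRF guard returns a bare `false`, which presumably just redisplays the form, so a submitter whose session token expired or was never set gets no indication of what went wrong or that retrying would help. If this method returns `Status` on its other paths (not visible in the hunk), `return Status::newFatal( 'sessionfailure' );` would surface the failure through the existing session-expiry message instead of a silent reload. A missing `wpLoginOnChangeToken` yields `null` from `getVal()`, which correctly fails the `!==` test, but the intent deserves a line of comment, e.g. `// Token is session-scoped; a mismatch means the form was forged, replayed, or outlived its session`; a constant-time comparison would be the stricter choice if one is available in the codebase, though the secret lives server-side so the exposure is limited. The enclosing method starts and ends outside this hunk.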
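Review bot: The new `$remember` flag infers the user's remember-me preference from the mere presence of a cookie named `'Token'`, coupling this line to whatever `User::setCookies()` emits elsewhere without saying so; a reader cannot tell from this hunk why a cookie's existence should mean "keep me logged in". A comment such as `// The Token cookie is only issued for remembered sessions, so its presence carries the user's remember-me choice across the password change` would make both the intent and the coupling explicit — confirm that the cookie is indeed only set in that case. The call also passes `null` for the request and secure arguments and relies on defaults that are not visible here. The enclosing method starts and ends outside this hunk.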