Salt the "nsToken" used for Special:Search namespace remembering
authorBrian Wolff <bawolff+wn@gmail.com>
Fri, 27 Jun 2014 19:11:22 +0000 (16:11 -0300)
committerBrian Wolff <bawolff+wn@gmail.com>
Fri, 27 Jun 2014 19:11:22 +0000 (16:11 -0300)
Token is used as a GET parameter, so we shouldn't use the raw edit
token.

Bug: 67210
Change-Id: Ie69d9f6557eb9a08b21361aad0ed95bee994c05f

includes/specials/SpecialSearch.php

index 15b93ae..54e9987 100644 (file)
@@ -526,7 +526,11 @@ class SpecialSearch extends SpecialPage {
 
                if ( $user->isLoggedIn() &&
                        !is_null( $request->getVal( 'nsRemember' ) ) &&
-                       $user->matchEditToken( $request->getVal( 'nsToken' ) )
+                       $user->matchEditToken(
+                               $request->getVal( 'nsToken' ),
+                               'searchnamespace',
+                               $request
+                       )
                ) {
                        // Reset namespace preferences: namespaces are not searched
                        // when they're not mentioned in the URL parameters.
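Review bot: The salt literal `'searchnamespace'` passed to `matchEditToken()` here has to match the one passed to `getEditToken()` in the `@@ -970,7 +974,13 @@` hunk, and nothing ties the two together. A typo on either side would make this check always fail, so the "remember" choice would silently never be saved. A class constant such as `const NS_TOKEN_SALT = 'searchnamespace';` used at both call sites would remove that risk. The request argument has the same coupling: this hunk passes a local `$request` assigned outside the hunk, while the other passes `$this->getRequest()`. They are presumably the same object, but that is worth confirming. The enclosing method starts and ends outside the hunk.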
@@ -970,7 +974,13 @@ class SpecialSearch extends SpecialPage {
                $remember = '';
                $user = $this->getUser();
                if ( $user->isLoggedIn() ) {
-                       $remember .= Html::hidden( 'nsToken', $user->getEditToken() ) .
+                       $remember .= Html::hidden(
+                               'nsToken',
+                               $user->getEditToken(
+                                       'searchnamespace',
+                                       $this->getRequest()
+                               )
+                       ) .
                        Xml::checkLabel(
                                wfMessage( 'powersearch-remember' )->text(),
                                'nsRemember',
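Review bot: The hidden `nsToken` field has no comment saying why the token is salted, so a later cleanup could collapse it back to a plain `getEditToken()`. The commit message says the value is sent as a GET parameter, so it ends up in URLs and from there in access logs, browser history and Referer headers. The salt appears to be what stops a leaked value from doubling as the general edit token. I would add above `Html::hidden(`: `// Salted on purpose: sent as a GET parameter, so it must not be the raw edit token (bug 67210).` The enclosing method starts and ends outside the hunk.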