Don't "preview" (i.e. execute) user JS on non-preview requests

[lhc/web/wiklou.git] / includes / OutputPage.php

diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index 81724c5..c35204d 100644 (file)
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -3309,7 +3309,11 @@ class OutputPage extends ContextSource {
         */
        public function userCanPreview() {
                $request = $this->getRequest();
-               if ( $request->getVal( 'action' ) !== 'submit' || !$request->wasPosted() ) {
+               if (
+                       $request->getVal( 'action' ) !== 'submit' ||
+                       !$request->getCheck( 'wpPreview' ) ||
+                       !$request->wasPosted()
+               ) {
                        return false;
                }