* Fix escaping of edit tokens, removed FIXME note.
* Added + to EDIT_TOKEN_SUFFIX on report of broken proxy from mutante
* Two random minor changes
$rmvtxt = "";
if ($wgUser->isAllowed( 'trackback' )) {
$delurl = $this->mTitle->getFullURL("action=deletetrackback&tbid="
- . $o->tb_id . "&token=" . $wgUser->editToken());
- $rmvtxt = wfMsg('trackbackremove', $delurl);
+ . $o->tb_id . "&token=" . urlencode( $wgUser->editToken() ) );
+ $rmvtxt = wfMsg( 'trackbackremove', htmlspecialchars( $delurl ) );
}
$tbtext .= wfMsg(strlen($o->tb_ex) ? 'trackbackexcerpt' : 'trackback',
$o->tb_title,
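Review bot: The `urlencode()` wrapped around `$wgUser->editToken()` on the `+` line is load-bearing, not cosmetic, and deserves a comment: with `+` now part of EDIT_TOKEN_SUFFIX a raw token in a query string would be decoded as a space and the later `matchEditToken` comparison would fail. I would add `// token must be urlencoded: EDIT_TOKEN_SUFFIX contains '+', which query parsing turns into a space` above the `getFullURL` call so the next person does not "simplify" it away. The `htmlspecialchars( $delurl )` on the following line is correct for placing the `&`-joined URL into message HTML; note that both lines assume `wfMsg` does not escape its arguments itself, which is not visible in this hunk.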
*/
function tokenOk( &$request ) {
global $wgUser;
- if( $wgUser->isAnon() ) {
- # Anonymous users may not have a session
- # open. Check for suffix anyway.
- $this->mTokenOk = ( EDIT_TOKEN_SUFFIX == $request->getVal( 'wpEditToken' ) );
- } else {
- $this->mTokenOk = $wgUser->matchEditToken( $request->getVal( 'wpEditToken' ) );
- }
+ $this->mTokenOk = $wgUser->matchEditToken( $request->getVal( 'wpEditToken' ) );
return $this->mTokenOk;
}
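Review bot: The simplified `tokenOk` now depends on `matchEditToken` treating anonymous users the same way the old branch did (comparing against the bare EDIT_TOKEN_SUFFIX), and `matchEditToken` is outside this diff, so that equivalence should be confirmed rather than assumed. Either way the method's docblock should state the resulting contract, because for an anonymous user the check degrades to "the constant suffix was submitted", which defends against text-mangling proxies but is not a CSRF check. A docblock along the lines of `Check that the submitted wpEditToken matches the user's session token. For anonymous users the token is the constant EDIT_TOKEN_SUFFIX, so this only detects mangled or missing tokens, not forged requests.` plus `@param WebRequest $request` and `@return bool` would make that explicit; the surrounding docblock begins before this hunk.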
* include the constant suffix to prevent editing from
* broken text-mangling proxies.
*/
- if ( $wgUser->isLoggedIn() )
- $token = htmlspecialchars( $wgUser->editToken() );
- else
- $token = EDIT_TOKEN_SUFFIX;
+ $token = htmlspecialchars( $wgUser->editToken() );
$wgOut->addHTML( "\n<input type='hidden' value=\"$token\" name=\"wpEditToken\" />\n" );
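Review bot: `htmlspecialchars( $wgUser->editToken() )` uses the default ENT_COMPAT flag, which escapes `"` but not `'`, so the result is only safe inside a double-quoted attribute; here the `value=\"$token\"` attribute is double-quoted, so this is correct but fragile. The same pattern appears in the EmailUser and Preferences hunks below, where the Preferences hunk had to switch the attribute from `'{$token}'` to `\"{$token}\"` for exactly this reason. Using `htmlspecialchars( $wgUser->editToken(), ENT_QUOTES )` at all three sites would make the escaped token safe in either quoting style and remove the coupling between the escaping call and the markup written elsewhere. The token value currently has no HTML metacharacters, but the escaping should not rely on that.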
$blockReasonList .= $optgroup;
}
- $token = htmlspecialchars( $wgUser->editToken() );
+ $token = $wgUser->editToken();
global $wgStylePath, $wgStyleVersion;
$wgOut->addHTML( "
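Review bot: This hunk removes the `htmlspecialchars()` call so `$token` is now the raw edit token, while the other hunks in this commit move in the opposite direction and add escaping; the place where `$token` is written into the page is not visible here, so whether this is a regression depends on the consumer. If it is interpolated directly into the `$wgOut->addHTML( "` string that starts on the last line, the escaping should be kept: `$token = htmlspecialchars( $wgUser->editToken() );`. If it is instead passed to a helper that escapes (an `Xml::` builder, for instance), a short comment saying so, such as `// unescaped: Xml helper below escapes the attribute value`, would stop the next reviewer from re-adding it. The current token contents happen to contain no HTML metacharacters, but that is a property of the constant, not a contract.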
$titleObj = SpecialPage::getTitleFor( "Emailuser" );
$action = $titleObj->escapeLocalURL( "target=" .
urlencode( $this->target->getName() ) . "&action=submit" );
- $token = $wgUser->editToken();
+ $token = htmlspecialchars( $wgUser->editToken() );
$wgOut->addHTML( "
<form id=\"emailuser\" method=\"post\" action=\"{$action}\">
}
$wgOut->addHTML( '</fieldset>' );
- $token = $wgUser->editToken();
+ $token = htmlspecialchars( $wgUser->editToken() );
$skin = $wgUser->getSkin();
$wgOut->addHTML( "
<div id='prefsubmit'>
</div>
- <input type='hidden' name='wpEditToken' value='{$token}' />
+ <input type='hidden' name='wpEditToken' value=\"{$token}\" />
</div></form>\n" );
$wgOut->addHtml( Xml::tags( 'div', array( 'class' => "prefcache" ),
define( 'MW_USER_VERSION', 5 );
# Some punctuation to prevent editing from broken text-mangling proxies.
-# FIXME: this is embedded unescaped into HTML attributes in various
-# places, so we can't safely include ' or " even though we really should.
-define( 'EDIT_TOKEN_SUFFIX', '\\' );
+define( 'EDIT_TOKEN_SUFFIX', '+\\' );
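Review bot: The new constant `'+\\'` carries two constraints that the remaining one-line comment does not state, and the deleted FIXME was the only place that documented any of them. The `+` means the token must be `urlencode()`d whenever it is placed in a query string (the trackback hunk does this), and the backslash is still only safe to embed raw because it is not an HTML or attribute metacharacter, which is the point the removed lines were making. I would extend the comment to `# Some punctuation to prevent editing from broken text-mangling proxies. Must be urlencoded in query strings ('+' decodes to a space); contains no HTML metacharacters, so it survives htmlspecialchars() unchanged.` Since anonymous users' edit tokens are exactly this constant, it is also worth saying that it provides no CSRF protection by itself.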
/**
* Thrown by User::setPassword() on error
* @public
*/
function editToken( $salt = '' ) {
- if( !isset( $_SESSION['wsEditToken'] ) ) {
- $token = $this->generateToken();
- $_SESSION['wsEditToken'] = $token;
+ if ( $this->isAnon() ) {
+ return EDIT_TOKEN_SUFFIX;
} else {
- $token = $_SESSION['wsEditToken'];
- }
- if( is_array( $salt ) ) {
- $salt = implode( '|', $salt );
+ if( !isset( $_SESSION['wsEditToken'] ) ) {
+ $token = $this->generateToken();
+ $_SESSION['wsEditToken'] = $token;
+ } else {
+ $token = $_SESSION['wsEditToken'];
+ }
+ if( is_array( $salt ) ) {
+ $salt = implode( '|', $salt );
+ }
+ return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
}
- return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
}
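Review bot: The new anonymous branch changes the method's contract in a security-relevant way that the docblock above does not mention: for `isAnon()` users `editToken()` now returns the public constant EDIT_TOKEN_SUFFIX, so any later `matchEditToken` comparison for anonymous users can be satisfied by anyone and guards only against proxy mangling, not against cross-site request forgery. The docblock should say so, along with `@param string|array $salt` (an array is joined with '|' before hashing) and `@return string` (32 hex chars plus EDIT_TOKEN_SUFFIX for logged-in users, the bare suffix otherwise). Stylistically, the logged-in path no longer needs the `else` block: returning early in the `isAnon()` branch and dedenting the session and salt handling would reproduce the previous indentation and make the diff against the old version smaller. The docblock for this function starts before the hunk.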
/**