r10023 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r10022‎ \| r10023 \| r10024 >
Date:	08:41, 9 July 2005
Author:	timstarling
Status:	old
Tags:
Comment:	Fixed security
Modified paths:	/trunk/extensions/Renameuser/SpecialRenameuser.php (modified) (history)

Diff [purge]

Index: trunk/extensions/Renameuser/SpecialRenameuser.php
—	—	@@ -63,6 +63,8 @@
64	64	$renameuserold = wfMsgHtml( 'renameuserold' );
65	65	$renameusernew = wfMsgHtml( 'renameusernew' );
66	66	$go = wfMsgHtml( 'go' );
	67	+ $token = $wgUser->editToken();
	68	+
67	69	$wgOut->addHTML( "
68	70	<form id='renameuser' method='post' action=\"$action\">
69	71	<table>
—	—	@@ -79,8 +81,12 @@
80	82	<td align='right'><input type='submit' name='submit' value=\"$go\" /></td>
81	83	</tr>
82	84	</table>
	85	+ <input type='hidden' name='token' value='$token' />
83	86	</form>");
84	87	// Sanity checks
	88	+ if ( !$wgRequest->wasPosted() \|\| !$wgUser->matchEditToken( $wgRequest->getVal( 'token' ) ) )
	89	+ return;
	90	+
85	91	if ($oldusername == '' \|\| $newusername == '' \|\| $oldusername == $newusername)
86	92	return;
87	93

01:58, 13 October 2010 😂 (talk | contribs) changed the status of r10023 [removed: new added: old]