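--- a/trunk/phase3/includes/EditPage.php
+++ b/trunk/phase3/includes/EditPage.php
@@ -23,7 +23,7 @@
 var $formtype;
 var $firsttime;
 var $lastDelete;
- var $mTokenOk = true;
+ var $mTokenOk = false;
 var $tooBig = false;
 var $kblength = false;
 var $missingComment = false;
@@ -358,19 +358,17 @@
 $this->preview = $request->getCheck( 'wpPreview' ) || $request->getCheck( 'wpLivePreview' );
 $this->diff = $request->getCheck( 'wpDiff' );
 
- if( !$this->preview ) {
- if ( $this->tokenOk( $request ) ) {
- # Some browsers will not report any submit button
- # if the user hits enter in the comment box.
- # The unmarked state will be assumed to be a save,
- # if the form seems otherwise complete.
- wfDebug( "$fname: Passed token check.\n" );
- } else {
- # Page might be a hack attempt posted from
- # an external site. Preview instead of saving.
- wfDebug( "$fname: Failed token check; forcing preview\n" );
- $this->preview = true;
- }
+ if ( $this->tokenOk( $request ) ) {
+ # Some browsers will not report any submit button
+ # if the user hits enter in the comment box.
+ # The unmarked state will be assumed to be a save,
+ # if the form seems otherwise complete.
+ wfDebug( "$fname: Passed token check.\n" );
+ } else {
+ # Page might be a hack attempt posted from
+ # an external site. Preview instead of saving.
+ wfDebug( "$fname: Failed token check; forcing preview\n" );
+ $this->preview = true;
 }
 }
 $this->save = ! ( $this->preview OR $this->diff );
@@ -1115,7 +1113,7 @@
 # For a bit more sophisticated detection of blank summaries, hash the
 # automatic one and pass that in a hidden field.
 $autosumm = $this->autoSumm ? $this->autoSumm : md5( $this->summary );
- $wgOut->addHTML( "<input type=\"hidden\" name=\"wpAutoSummary\" value=\"$autosumm\" />\n" );
+ $wgOut->addHtml( wfHidden( 'wpAutoSummary', $autosumm ) );
 
 if ( $this->isConflict ) {
 require_once( "DifferenceEngine.php" );
@@ -1276,9 +1274,17 @@
 $parserOptions = ParserOptions::newFromUser( $wgUser );
 $parserOptions->setEditSection( false );
 
+ global $wgRawHtml;
+ if( $wgRawHtml && !$this->mTokenOk ) {
+ // Could be an offsite preview attempt. This is very unsafe if
+ // HTML is enabled, as it could be an attack.
+ return $wgOut->parse( "<div class='previewnote'>" .
+ wfMsg( 'session_fail_preview_html' ) . "</div>" );
+ }
+
 # don't parse user css/js, show message about preview
 # XXX: stupid php bug won't let us use $wgTitle->isCssJsSubpage() here
-
+
 if ( $this->isCssJsSubpage ) {
 if(preg_match("/\\.css$/", $wgTitle->getText() ) ) {
 $previewtext = wfMsg('usercsspreview');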
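Review bot: The new guard in the preview hunk (new lines 1279-1284) keys on `$this->mTokenOk`, but nothing in this diff assigns that property — the assignment presumably lives in `tokenOk()`, outside the change, and with the default now `false` any preview reached without `importFormData` having run `tokenOk()` is hidden as though the token had failed. That is the fail-closed direction and looks intended, but it deserves stating at the declaration: `var $mTokenOk = false; # set by tokenOk(); stays false (raw-HTML preview suppressed) until the edit token has been verified`. Separately, `global $wgRawHtml;` is declared mid-body while `$wgUser`, `$wgOut` and `$wgTitle` are used as though declared at the function head; moving it up with them, and using the file's `#` comment style rather than `//`, would match the surrounding code. The enclosing methods start and end outside these hunks.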
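--- a/trunk/phase3/RELEASE-NOTES
+++ b/trunk/phase3/RELEASE-NOTES
@@ -438,6 +438,7 @@
 * Fix for HTML headings improperly not detected with preceding/following text
 * Section extraction and replacement functions merged into one implementation
 on the Parser object, so they can't get out of sync with each other.
+* Edit security precautions in raw HTML mode, etc
 
 
 == Compatibility ==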
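--- a/trunk/phase3/languages/Messages.php
+++ b/trunk/phase3/languages/Messages.php
@@ -513,6 +513,13 @@
 Please try again. If it still doesn\'t work, try logging out and logging back in.</strong>',
 'previewconflict' => 'This preview reflects the text in the upper
 text editing area as it will appear if you choose to save.',
+'session_fail_preview_html' => '<strong>Sorry! We could not process your edit due to a loss of session data.</strong>
+
+\'\'Because this wiki has raw HTML enabled, the preview is hidden as a precaution against JavaScript attacks.\'\'
+
+<strong>If this is a legitimate edit attempt, please try again. If it still doesn\'t work, try logging out and logging back in.</strong>',
+'previewconflict' => 'This preview reflects the text in the upper
+text editing area as it will appear if you choose to save.',
 'importing' => 'Importing $1',
 'editing' => 'Editing $1',
 'editingsection' => 'Editing $1 (section)',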
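Review bot: The added lines 522-523 repeat the `'previewconflict'` entry that is already present as context at 515-516, so the array literal now carries the same key twice; PHP silently keeps the last occurrence, which is identical here, but a later change to either copy will be masked by the other. Drop the second copy so the hunk adds only the `'session_fail_preview_html'` message. The enclosing array starts and ends outside the hunk.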