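--- a/trunk/phase3/includes/User.php
+++ b/trunk/phase3/includes/User.php
@@ -2312,7 +2312,6 @@
 * @public
 */
 function matchEditToken( $val, $salt = '' ) {
-global $wgMemc;
 $sessionToken = $this->editToken( $salt );
 if ( $val != $sessionToken ) {
 wfDebug( "User::matchEditToken: broken session data\n" );
@@ -2321,6 +2320,14 @@
 }
 
 /**
+* Check whether the edit token is fine except for the suffix
+*/
+function matchEditTokenNoSuffix( $val, $salt = '' ) {
+$sessionToken = $this->editToken( $salt );
+return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
+}
+
+/**
 * Generate a new e-mail confirmation token and send a confirmation
 * mail to the user's given address.
 *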
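Review bot: `matchEditTokenNoSuffix()` checks only the first 32 characters and compares them with loose `==`, so it is a strictly weaker test than `matchEditToken()`, yet its docblock does not say that it must never gate an action. With `==`, PHP compares two numeric-looking strings (for example both of the form `0e` followed by digits) as numbers, so different prefixes can compare equal; `return substr( $sessionToken, 0, 32 ) === substr( $val, 0, 32 );` avoids that and also gives a predictable result when `$val` is null. I would extend the comment with a line such as `Diagnostic only: distinguishes a mangled suffix from a bad session; never use this to authorise an edit`, and explain the 32, which presumably is the length of the hash part of the token (the token format is not visible here). The pre-existing `!=` in `matchEditToken()` has the same loose-comparison property, but that line is context and outside this change.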
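--- a/trunk/phase3/includes/EditPage.php
+++ b/trunk/phase3/includes/EditPage.php
@@ -20,6 +20,7 @@
 var $firsttime;
 var $lastDelete;
 var $mTokenOk = false;
+var $mTokenOkExceptSuffix = false;
 var $mTriedSave = false;
 var $tooBig = false;
 var $kblength = false;
@@ -576,7 +577,9 @@
 */
 function tokenOk( &$request ) {
 global $wgUser;
-$this->mTokenOk = $wgUser->matchEditToken( $request->getVal( 'wpEditToken' ) );
+$token = $request->getVal( 'wpEditToken' );
+$this->mTokenOk = $wgUser->matchEditToken( $token );
+$this->mTokenOkExceptSuffix = $wgUser->matchEditTokenNoSuffix( $token );
 return $this->mTokenOk;
 }
 
@@ -1369,7 +1372,11 @@
 wfProfileIn( $fname );
 
 if ( $this->mTriedSave && !$this->mTokenOk ) {
-$msg = 'session_fail_preview';
+if ( $this->mTokenOkExceptSuffix ) {
+$msg = 'token_suffix_mismatch';
+} else {
+$msg = 'session_fail_preview';
+}
 } else {
 $msg = 'previewnote';
 }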
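Review bot: In `tokenOk()`, `mTokenOkExceptSuffix` is also set to true when the token matches completely, because a full match implies a prefix match, so the property name promises more than the value holds. The preview code in the last hunk reads it only under `!$this->mTokenOk`, so the message shown is correct today, but any later code that looks at the flag alone could not tell a valid token from a prefix-only one. Assigning `$this->mTokenOkExceptSuffix = !$this->mTokenOk && $wgUser->matchEditTokenNoSuffix( $token );` makes the flag mean what it says and skips the second `editToken()` call on the normal path. The decision to save should keep depending on `mTokenOk` only, and a short comment on the property saying it is for choosing the error message would make that explicit. The function containing the last hunk starts and ends outside it.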
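--- a/trunk/phase3/languages/messages/MessagesEn.php
+++ b/trunk/phase3/languages/messages/MessagesEn.php
@@ -995,6 +995,9 @@
 ''Because this wiki has raw HTML enabled, the preview is hidden as a precaution against JavaScript attacks.''
 
 <strong>If this is a legitimate edit attempt, please try again. If it still doesn't work, try logging out and logging back in.</strong>",
+'token_suffix_mismatch' => '<strong>Your edit has been rejected because your client mangled the punctuation characters
+in the edit token. The edit has been rejected to prevent corruption of the article text.
+This sometimes happens when you are using a buggy web-based anonymous proxy service.</strong>',
 'importing' => 'Importing $1',
 'editing' => 'Editing $1',
 'editinguser' => 'Editing user <b>$1</b>',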