r62973 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r62972‎ \| r62973 \| r62974 >
Date:	20:29, 25 February 2010
Author:	maxsem
Status:	ok
Tags:
Comment:	Backported r62967 and r62968 to 1.16: (bug 17790) Users instantly logged off on HughesNet
Modified paths:	/branches/REL1_16/phase3/RELEASE-NOTES (modified) (history) /branches/REL1_16/phase3/includes/specials/SpecialUserlogout.php (modified) (history) /branches/REL1_16/phase3/languages/messages/MessagesEn.php (modified) (history) /branches/REL1_16/phase3/maintenance/language/messages.inc (modified) (history)

Diff [purge]

Index: branches/REL1_16/phase3/maintenance/language/messages.inc
—	—	@@ -465,6 +465,7 @@
466	466	'login-throttled',
467	467	'loginlanguagelabel',
468	468	'loginlanguagelinks',
	469	+ 'suspicious-userlogout',
469	470	),
470	471	'resetpass' => array(
471	472	'resetpass',
Index: branches/REL1_16/phase3/includes/specials/SpecialUserlogout.php
—	—	@@ -10,6 +10,16 @@
11	11	function wfSpecialUserlogout() {
12	12	global $wgUser, $wgOut;
13	13
	14	+ /**
	15	+ * Some satellite ISPs use broken precaching schemes that log people out straight after
	16	+ * they're logged in (bug 17790). Luckily, there's a way to detect such requests.
	17	+ */
	18	+ if ( isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], '&' ) !== false ) {
	19	+ wfDebug( "Special:Userlogout request {$_SERVER['REQUEST_URI']} looks suspicious, denying.\n" );
	20	+ wfHttpError( 400, wfMsg( 'loginerror' ), wfMsg( 'suspicious-userlogout' ) );
	21	+ return;
	22	+ }
	23	+
14	24	$oldName = $wgUser->getName();
15	25	$wgUser->logout();
16	26	$wgOut->setRobotPolicy( 'noindex,nofollow' );
Index: branches/REL1_16/phase3/languages/messages/MessagesEn.php
—	—	@@ -1134,6 +1134,7 @@
1135	1135	* Español\|es
1136	1136	* Italiano\|it
1137	1137	* Nederlands\|nl', # do not translate or duplicate this message to other languages
	1138	+'suspicious-userlogout' => 'Your request to log out was denied because it looks like it was sent by a broken browser or caching proxy.',
1138	1139
1139	1140	# Password reset dialog
1140	1141	'resetpass' => 'Change password',
Index: branches/REL1_16/phase3/RELEASE-NOTES
—	—	@@ -759,6 +759,7 @@
760	760	* (bug 22551) Special:Resetpass now has a "Cancel" button that sends the user to
761	761	the page set in the &returnto parameter.
762	762	* (bug 19194) Search box in Modern skin doesn't focus with Safari/Chrome
	763	+* (bug 17790) Users instantly logged off on HughesNet
763	764
764	765	== API changes in 1.16 ==
765	766

Follow-up revisions

Revision	Commit summary	Author	Date
r86182	Prevent bug 17790 from reappearing on Special:Preferences	maxsem	07:39, 16 April 2011

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r62967	(bug 17790) Users instantly logged off on HughesNet	maxsem	17:44, 25 February 2010
r62968	fix debug logging from r62967	maxsem	17:50, 25 February 2010

Status & tagging log

00:46, 12 March 2010 Tim Starling (talk | contribs) changed the status of r62973 [removed: new added: ok]