r75270 MediaWiki - Code Review archive

Repository: MediaWiki
Revision: r75270
Date: 16:56, 23 October 2010
Author: catrope
Status: ok
Tags:
Comment:
Revert r70640 per CR: don't expose unsalted edit tokens in URLs. Should instead change the API's patrol functionality to salt patrol tokens (coming up shortly)
Modified paths:
  • /trunk/phase3/includes/Article.php (modified)
  • /trunk/phase3/includes/diff/DifferenceInterface.php (modified)

Diff

Index: trunk/phase3/includes/diff/DifferenceInterface.php
@@ -243,7 +243,7 @@
244244 }
245245 // Build the link
246246 if( $rcid ) {
247 - $token = $wgUser->editToken();
 247+ $token = $wgUser->editToken( $rcid );
248248 $patrol = ' <span class="patrollink">[' . $sk->link(
249249 $this->mTitle,
250250 wfMsgHtml( 'markaspatrolleddiff' ),
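Review bot: At `$token = $wgUser->editToken( $rcid );` the salt has to be the same value that travels in the link's rcid parameter, because the receiving side in Article.php verifies against `(int) $wgRequest->getVal( 'rcid' )`. The query array passed to `$sk->link(` is not visible in this hunk, so please confirm it is built from the same `$rcid`, and that `$rcid` is already normalised to an integer here so both sides salt with an identical value.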
@@ -474,7 +474,7 @@
475475 # Add redundant patrol link on bottom...
476476 if( $this->mRcidMarkPatrolled && $this->mTitle->quickUserCan('patrol') ) {
477477 $sk = $wgUser->getSkin();
478 - $token = $wgUser->editToken();
 478+ $token = $wgUser->editToken( $this->mRcidMarkPatrolled );
479479 $wgOut->addHTML(
480480 "<div class='patrollink'>[" . $sk->link(
481481 $this->mTitle,
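Review bot: The token line at 478 repeats the pattern from the first hunk with a different salt variable (`$this->mRcidMarkPatrolled` instead of `$rcid`), and the same line appears again in Article.php. A small shared helper that takes the rcid and returns the salted token together with the link query would keep the salt and the rcid parameter from drifting apart across these copies.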
Index: trunk/phase3/includes/Article.php
@@ -1308,7 +1308,7 @@
13091309 }
13101310
13111311 $sk = $wgUser->getSkin();
1312 - $token = $wgUser->editToken();
 1312+ $token = $wgUser->editToken( $rcid );
13131313
13141314 $wgOut->addHTML(
13151315 "<div class='patrollink'>" .
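Review bot: The new `editToken( $rcid )` call at line 1312 carries no comment saying why the salt is there. This token is placed in the patrol link, so a one-line comment stating that it is deliberately bound to this rcid would help stop a later change from dropping the salt again, which is the situation this revision is reverting.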
@@ -2348,7 +2348,7 @@
23492349 # If we haven't been given an rc_id value, we can't do anything
23502350 $rcid = (int) $wgRequest->getVal( 'rcid' );
23512351
2352 - if ( !$wgUser->matchEditToken( $wgRequest->getVal( 'token' ) ) ) {
 2352+ if ( !$wgUser->matchEditToken( $wgRequest->getVal( 'token' ), $rcid ) ) {
23532353 $wgOut->showErrorPage( 'sessionfailure-title', 'sessionfailure' );
23542354 return;
23552355 }
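Review bot: In this hunk the token is checked against `$rcid` before any visible test that an rcid was actually supplied. `(int) $wgRequest->getVal( 'rcid' )` yields 0 when the parameter is missing, so a request that lost its rcid but carries a token issued for a real change is answered with the sessionfailure page, which does not match the comment on line 2349. Consider handling the `$rcid == 0` case ahead of the `matchEditToken` call, unless the lines following this hunk depend on the current order.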

Past revisions this follows-up on

Revision | Commit summary | Author | Date
r70640 | Per comments, follow-up to r70278: make patrol tokens compatible between api... | ialex | 18:56, 7 August 2010
