MediaWiki r18112 - Code Review

Jump to: navigation, search
Repository:MediaWiki
Revision:r18111‎ | r18112 (on ViewVC)‎ | r18113 >
Date:06:19, 2 December 2006
Author:vyznev
Status:old
Tags:
Comment:
Include a backslash character in wpEditToken to prevent editing from broken
proxies that mangle such characters. Not only is editing from open proxies
generally frowned upon on Wikimedia projects, but more importantly, these
particular proxies tend to break wiki markup in submitted content. These
really are not edits we want to let through.

Yes, this is a hack. We may eventually want to explicitly check for this
condition and provide a more informative response, but even so this would
still remain a useful fallback check just in case.
Modified paths:

Diff [purge]

Index: trunk/phase3/includes/EditPage.php
@@ -556,8 +556,8 @@
557557 global $wgUser;
558558 if( $wgUser->isAnon() ) {
559559 # Anonymous users may not have a session
560 - # open. Don't tokenize.
561 - $this->mTokenOk = true;
 560+ # open. Check for suffix anyway.
 561+ $this->mTokenOk = ( EDIT_TOKEN_SUFFIX == $request->getVal( 'wpEditToken' ) );
562562 } else {
563563 $this->mTokenOk = $wgUser->matchEditToken( $request->getVal( 'wpEditToken' ) );
564564 }
@@ -1247,19 +1247,25 @@
12481248 </div>
12491249 " );
12501250
1251 - if ( $wgUser->isLoggedIn() ) {
1252 - /**
1253 - * To make it harder for someone to slip a user a page
1254 - * which submits an edit form to the wiki without their
1255 - * knowledge, a random token is associated with the login
1256 - * session. If it's not passed back with the submission,
1257 - * we won't save the page, or render user JavaScript and
1258 - * CSS previews.
1259 - */
 1251+ /**
 1252+ * To make it harder for someone to slip a user a page
 1253+ * which submits an edit form to the wiki without their
 1254+ * knowledge, a random token is associated with the login
 1255+ * session. If it's not passed back with the submission,
 1256+ * we won't save the page, or render user JavaScript and
 1257+ * CSS previews.
 1258+ *
 1259+ * For anon editors, who may not have a session, we just
 1260+ * include the constant suffix to prevent editing from
 1261+ * broken text-mangling proxies.
 1262+ */
 1263+ if ( $wgUser->isLoggedIn() )
12601264 $token = htmlspecialchars( $wgUser->editToken() );
1261 - $wgOut->addHTML( "\n<input type='hidden' value=\"$token\" name=\"wpEditToken\" />\n" );
1262 - }
 1265+ else
 1266+ $token = EDIT_TOKEN_SUFFIX;
 1267+ $wgOut->addHTML( "\n<input type='hidden' value=\"$token\" name=\"wpEditToken\" />\n" );
12631268
 1269+
12641270 # If a blank edit summary was previously provided, and the appropriate
12651271 # user preference is active, pass a hidden tag here. This will stop the
12661272 # user being bounced back more than once in the event that a summary
Index: trunk/phase3/includes/User.php
@@ -11,6 +11,11 @@
1212 # Serialized record version
1313 define( 'MW_USER_VERSION', 4 );
1414
 15+# Some punctuation to prevent editing from broken text-mangling proxies.
 16+# FIXME: this is embedded unescaped into HTML attributes in various
 17+# places, so we can't safely include ' or " even though we really should.
 18+define( 'EDIT_TOKEN_SUFFIX', '\\' );
 19+
1520 /**
1621 *
1722 * @package MediaWiki
@@ -2093,7 +2098,7 @@
20942099 if( is_array( $salt ) ) {
20952100 $salt = implode( '|', $salt );
20962101 }
2097 - return md5( $token . $salt );
 2102+ return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
20982103 }
20992104
21002105 /**
Retrieved from "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/18112"