Manual:Edit token/zh

An edit token is a random string generated by the MediaWiki server. A client must obtain this edit token before it can edit a page. The edit token ensures that the user really intends to edit the page, rather than unknowingly editing something by accidentally clicking an external link. See also cross-site request forgery.

Note: the information on this page needs to be verified by a developer.

Why edit tokens are needed
Edit tokens are used as an additional security measure when performing changes. If the user's identity were checked using cookies only, an external site could use a link like the following one to have visitors perform changes to the wiki.

http://en.wikipedia.org/w/index.php?title=Image:Abcd.jpg&action=delete&oldimage=324242234

Following such a link would lead an administrator to unknowingly request deletion of an image. If the administrator is still logged in, the server would check the cookies and grant the request.

For this reason, actions that perform changes require an additional piece of data that is passed as an HTTP parameter, the edit token. An edit token is embedded into web pages from which the user can request a change; this includes the edit form (where one can change a page by pressing "Save your changes") but also the image description page (where an administrator can request deletion of an old version of an image), contributor histories (where administrators can rollback), etc. When the user actually requests the change to be done (by pressing a button or following a link), the edit token is sent back to the server. This proves to the server that the user has requested the change directly from the site and not from an external site, as external sites do not have access to the user's edit token.

How it works
An edit token is a random string stored in the PHP session, which is an associative array that is stored on the server and maintained across sessions because of a cookie (e.g.,  on the English Wikipedia). The edit token is in particular contained in the  element of the PHP session.

Edit tokens are embedded into web pages from which the user can request a change. When such a page is to be generated, the edit token is retrieved from the  element of the PHP session, if such an element exists; otherwise, a random string is generated and stored in that element.

What is actually embedded into the web page is not the  element itself. Rather, this element is concatenated with the salt, which is a string that depends on the particular action and page; the resulting string is then MD5-hashed, and this hash is what is embedded in the web page. When the user actually requests the action, this string is sent back to the server via an HTTP parameter. The server can then check the correctness of this parameter: it repeats the procedure used to generate it from the PHP session and checks whether the result is equal to the parameter.

Expiry
An edit token generated by the server remains valid for a period of time, so the same edit token can be used to perform multiple edit operations. If a token is used after it has expired, the server returns a badtoken error; in that case a new edit token should be obtained.

Source code
Edit tokens are mainly dealt with in the User.php source file, and in particular by the following methods.

 * editToken(salt) : returns the MD5 hash of the concatenation of the  element of the PHP session with the salt; if such an element does not exist in the PHP session, a random one is generated; see the editToken function in SVN.
 * generateToken(salt) : generates a random string (depends on the salt parameter).
 * matchEditToken(token, salt) : checks whether its first argument is a valid edit token with respect to the salt; this is done by repeating the generation procedure and then comparing the result with the first argument; in particular, this function calls  and then compares the result with the first argument.

Salt
The default salt is the empty string; most actions use this default value. As a result, an edit token string received from a server to perform an initial action on a page can also be used to perform additional actions on other pages. However, since an edit token is stored in the PHP session, it can be used only as long as the session is kept on the server and the client has the corresponding session token cookie (e.g., the enwiki_session cookie).

An edit-token hash generated using a salt can be used for performing additional actions only if the salt used by both server and client is the same. It follows that if the salt is only embedded in the page where the initial action is performed, then that same edit-token hash cannot be used to enable actions on additional pages.

Actions not using the default empty salt are:

 * rollback : the salt is the title of the article (including the namespace prefix) concatenated with the name of the user whose edits are to be reverted;
 * delete the old version of an image : the salt is the  parameter (when deleting all versions this parameter is the empty string, which is also the default salt);
 * Special:UserRights : the salt is the username of the user whose properties are to be changed;
 * Special:Watchlist/clear : the salt is the string 'clearwatchlist'.
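The generation and check described under "How it works" and "Salt", as an added example that is not MediaWiki's own code: a per-session secret is hashed with the salt, the verifier recomputes the same value, and a token minted for one salt (e.g. a rollback of one article) does not verify for another salt or for another session. The session key name `edit_secret`, the `Session` class, and the use of the trailing backslash from r18112 as the suffix are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Assumed suffix: the page describes a trailing backslash added in r18112;
# the later suffix value is not reproduced on this page, so the backslash is used.
EDIT_TOKEN_SUFFIX = "\\"


class Session:
    """Stand-in for the PHP session array (constructed for this example)."""

    def __init__(self, logged_in=True):
        self.data = {}
        self.logged_in = logged_in


def edit_token(session, salt=""):
    """Token to embed in a page: md5(session secret . salt) plus the suffix.
    Anonymous users get a token consisting of the suffix alone."""
    if not session.logged_in:
        return EDIT_TOKEN_SUFFIX
    if "edit_secret" not in session.data:          # key name is an assumption
        session.data["edit_secret"] = secrets.token_hex(16)
    digest = hashlib.md5((session.data["edit_secret"] + salt).encode()).hexdigest()
    return digest + EDIT_TOKEN_SUFFIX


def match_edit_token(session, token, salt=""):
    """Recompute the expected token for this session and salt, then compare."""
    expected = edit_token(session, salt)
    return hmac.compare_digest(expected, token)   # constant-time comparison


def rollback_salt(title, reverted_user):
    """Salt used by rollback: article title (with namespace) + reverted user."""
    return title + reverted_user


def demo():
    admin, other = Session(), Session()
    t = edit_token(admin)                          # default (empty) salt
    rb_salt = rollback_salt("Main Page", "Vandal")
    rb = edit_token(admin, rb_salt)
    return {
        "same_session_default_salt": match_edit_token(admin, t),
        "other_session": match_edit_token(other, t),
        "rollback_right_salt": match_edit_token(admin, rb, rb_salt),
        "rollback_wrong_salt": match_edit_token(admin, rb, rollback_salt("Other", "Vandal")),
        "rollback_as_default_salt": match_edit_token(admin, rb),
        "anonymous": edit_token(Session(logged_in=False)) == EDIT_TOKEN_SUFFIX,
    }
```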

Edit token suffix
Since revision 18112, a trailing backslash has been appended to edit tokens, and edit tokens consisting of a single backslash have been introduced for anonymous users. This change was made to prevent broken proxies from editing: proxies that cannot correctly handle the backslash typically also mangle the wiki markup. The suffix was changed to  in r23287 to also catch broken proxies that mangle the '+' character.

Retrieving via Ajax
In 1.18 and higher, you do not need to retrieve the edit token using AJAX. It's available as. Note that you need to have declared mediawiki.user as a ResourceLoader dependency for your module.

Below is sample code for retrieving an edit token via an Ajax request: