http://www.mediawiki.org/wiki/Special:Code/MediaWiki/90814

Revision: 90814
Author:   bawolff
Date:     2011-06-26 02:40:00 +0000 (Sun, 26 Jun 2011)
Log Message:
-----------
(bug 8556) When using $wgRawHtml, don't show scary session_failure/possible
attack warning when you try to edit categories.

Categories automatically go to preview on open, but there's no edit token
on the initial open of the edit window, which causes big warning over nothing.

Modified Paths:
--------------
    trunk/phase3/RELEASE-NOTES-1.19
    trunk/phase3/includes/EditPage.php

Modified: trunk/phase3/RELEASE-NOTES-1.19
===================================================================
--- trunk/phase3/RELEASE-NOTES-1.19     2011-06-26 02:38:23 UTC (rev 90813)
+++ trunk/phase3/RELEASE-NOTES-1.19     2011-06-26 02:40:00 UTC (rev 90814)
@@ -123,6 +123,8 @@
   correctly.
 * (bug 29567) mw.util.addPortletLink should only wrap link in <span> for
   "vectorTabs" portlets.
+* (bug 8556) Incorrect session failure warning on preview-on-open 
+  namespaces (categories) when combined with $wgRawHtml.
 
 === API changes in 1.19 ===
 * BREAKING CHANGE: action=watch now requires POST and token.
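
Review bot: The new entry names the symptom but not the behaviour that changes, and its first added line ends in a trailing space after "preview-on-open". Suggest saying that the session failure warning is no longer shown when the previewed text is empty, since that is the condition the EditPage.php change tests, so anyone running with $wgRawHtml can tell from the release notes exactly when the notice is now suppressed.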

Modified: trunk/phase3/includes/EditPage.php
===================================================================
--- trunk/phase3/includes/EditPage.php  2011-06-26 02:38:23 UTC (rev 90813)
+++ trunk/phase3/includes/EditPage.php  2011-06-26 02:40:00 UTC (rev 90814)
@@ -2019,8 +2019,14 @@
                if ( $wgRawHtml && !$this->mTokenOk ) {
                        // Could be an offsite preview attempt. This is very 
unsafe if
                        // HTML is enabled, as it could be an attack.
-                       $parsedNote = $wgOut->parse( "<div 
class='previewnote'>" .
-                               wfMsg( 'session_fail_preview_html' ) . "</div>" 
);
+                       $parsedNote = '';
+                       if ( $this->textbox1 !== '' ) {
+                               // Do not put big scary notice, if previewing 
the empty
+                               // string, which happens when you initially edit
+                               // a category page, due to automatic 
preview-on-open.
+                               $parsedNote = $wgOut->parse( "<div 
class='previewnote'>" .
+                                       wfMsg( 'session_fail_preview_html' ) . 
"</div>" );
+                       }
                        wfProfileOut( __METHOD__ );
                        return $parsedNote;
                }
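
Review bot: The new guard `if ( $this->textbox1 !== '' )` keys on the text being empty, not on the request being the automatic preview-on-open, so any preview with a failed token and an empty textbox now returns an empty note without the warning. That looks safe because the surrounding `if ( $wgRawHtml && !$this->mTokenOk )` branch still returns `$parsedNote` before anything else is done with the submitted text, but the added comment should say so explicitly: the early return is what protects against an offsite preview, and only the notice is being skipped. It is also worth stating in the comment that the comparison is strict and exact, so whitespace-only text still gets the warning, to make clear this is intended.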


_______________________________________________
MediaWiki-CVS mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
