http://www.mediawiki.org/wiki/Special:Code/MediaWiki/67359

Revision: 67359
Author:   aaron
Date:     2010-06-04 20:17:12 +0000 (Fri, 04 Jun 2010)

Log Message:
-----------
Backported CSRF fix

Modified Paths:
--------------
    branches/REL1_15/extensions/FlaggedRevs/specialpages/RevisionReview_body.php

Modified: 
branches/REL1_15/extensions/FlaggedRevs/specialpages/RevisionReview_body.php
===================================================================
--- 
branches/REL1_15/extensions/FlaggedRevs/specialpages/RevisionReview_body.php    
    2010-06-04 19:51:38 UTC (rev 67358)
+++ 
branches/REL1_15/extensions/FlaggedRevs/specialpages/RevisionReview_body.php    
    2010-06-04 20:17:12 UTC (rev 67359)
@@ -169,6 +169,7 @@
                $tags = FlaggedRevs::getDimensions();
                // Make review interface object
                $form = new RevisionReview();
+               $editToken = '';
                // Each ajax url argument is of the form param|val.
                // This means that there is no ugly order dependance.
                foreach( $args as $x => $arg ) {
@@ -216,9 +217,7 @@
                                        $form->retrieveNotes( $val );
                                        break;
                                case "wpEditToken":
-                                       if( !$wgUser->matchEditToken( $val ) ) {
-                                               return '<err#>';
-                                       }
+                                       $editToken = $val;
                                        break;
                                default:
                                        $p = preg_replace( '/^wp/', '', $par ); 
// kill any "wp" prefix
@@ -241,7 +240,11 @@
                }
                if( $form->unapprovedTags && $form->unapprovedTags < count( 
FlaggedRevs::getDimensions() ) ) {
                        return '<err#>';
-               } 
+               }
+               // Session check
+               if( !$wgUser->matchEditToken( $editToken ) ) {
+                       return '<err#>';
+               }
                // Doesn't match up?
                $k = self::validationKey( $form->templateParams, 
$form->imageParams, $form->fileVersion, $form->oldid );
                if( $form->validatedParams !== $k ) {
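Review bot: The token check added under `// Session check` runs only after the whole argument loop from the earlier hunks has been consumed, including the `$form->retrieveNotes( $val )` call and whatever the `default:` branch assigns on `$form`; if any of that does more than populate the form object, a request with a bad or missing token still triggers it before `'<err#>'` is returned. Collecting `$editToken` in a first pass and validating it before the other arguments are processed, or at minimum placing the check ahead of the `unapprovedTags` test, would make the CSRF gate fail-fast; as written it is correct only if the loop is side-effect free, which is not visible here. The comment should also say why the check moved out of the `case "wpEditToken":` branch, since that is the point of the fix: `// CSRF check: done after the loop so a request that omits wpEditToken entirely (leaving $editToken empty) is still rejected`. The enclosing method starts and ends outside this hunk.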
@@ -887,4 +890,4 @@
                }
                $log->addEntry( $action, $title, $comment, 
array($revId,$stableId) );
        }
-}
+}
\ No newline at end of file


