From 31b171ec2a93dd142beb8860c6fa3f31ff09cd8e Mon Sep 17 00:00:00 2001
From: Ilmari Karonen
Date: Sat, 2 Dec 2006 06:19:48 +0000
Subject: [PATCH] Include a backslash character in wpEditToken to prevent editing from broken proxies that mangle such characters. Not only is editing from open proxies generally frowned upon on Wikimedia projects, but more importantly, these particular proxies tend to break wiki markup in submitted content. These really are not edits we want to let through. Yes, this is a hack. We may eventually want to explicitly check for this condition and provide a more informative response, but even so this would still remain a useful fallback check just in case.
---
 includes/EditPage.php | 32 +++++++++++++++++++-------------
 includes/User.php | 7 ++++++-
 2 files changed, 25 insertions(+), 14 deletions(-)
diff --git a/includes/EditPage.php b/includes/EditPage.php
index d3ae6bf7bb..0d6f34b5b8 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -556,8 +556,8 @@ class EditPage {
 global $wgUser;
 if( $wgUser->isAnon() ) {
 # Anonymous users may not have a session
- # open. Don't tokenize.
- $this->mTokenOk = true;
+ # open. Check for suffix anyway.
+ $this->mTokenOk = ( EDIT_TOKEN_SUFFIX == $request->getVal( 'wpEditToken' ) );
 } else {
 $this->mTokenOk = $wgUser->matchEditToken( $request->getVal( 'wpEditToken' ) );
 }
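Review bot: The anonymous branch now derives mTokenOk from a loose `==` against a public constant, so for anons the flag only means the form value survived the proxy untouched, not that the submission was tied to any session; the replacement comment "Check for suffix anyway" does not say that, and a later reader of mTokenOk may assume a verified token. Prefer a strict comparison, `$this->mTokenOk = ( $request->getVal( 'wpEditToken' ) === EDIT_TOKEN_SUFFIX );`, which makes the intent explicit and avoids PHP's loose-comparison rules should getVal() ever return something other than a string (presumably null when the field is absent, but that is not visible here). The comment should state the limitation, e.g. `# open. Anonymous submissions carry only the constant suffix, so this catches text-mangling proxies but is not a CSRF check.` The enclosing method starts and ends outside this hunk.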
@@ -1247,18 +1247,24 @@ END
 " );
- if ( $wgUser->isLoggedIn() ) {
- /**
- * To make it harder for someone to slip a user a page
- * which submits an edit form to the wiki without their
- * knowledge, a random token is associated with the login
- * session. If it's not passed back with the submission,
- * we won't save the page, or render user JavaScript and
- * CSS previews.
- */
+ /**
+ * To make it harder for someone to slip a user a page
+ * which submits an edit form to the wiki without their
+ * knowledge, a random token is associated with the login
+ * session. If it's not passed back with the submission,
+ * we won't save the page, or render user JavaScript and
+ * CSS previews.
+ *
+ * For anon editors, who may not have a session, we just
+ * include the constant suffix to prevent editing from
+ * broken text-mangling proxies.
+ */
+ if ( $wgUser->isLoggedIn() )
 $token = htmlspecialchars( $wgUser->editToken() );
- $wgOut->addHTML( "\n\n" );
- }
+ else
+ $token = EDIT_TOKEN_SUFFIX;
+ $wgOut->addHTML( "\n\n" );
+
 # If a blank edit summary was previously provided, and the appropriate
 # user preference is active, pass a hidden tag here. This will stop the
diff --git a/includes/User.php b/includes/User.php
index 73742f510b..92381e767e 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -11,6 +11,11 @@ define( 'USER_TOKEN_LENGTH', 32 );
 # Serialized record version
 define( 'MW_USER_VERSION', 4 );
+# Some punctuation to prevent editing from broken text-mangling proxies.
+# FIXME: this is embedded unescaped into HTML attributes in various
+# places, so we can't safely include ' or " even though we really should.
+define( 'EDIT_TOKEN_SUFFIX', '\\' );
+
 /**
 *
 * @package MediaWiki
@@ -2093,7 +2098,7 @@ class User {
 if( is_array( $salt ) ) {
 $salt = implode( '|', $salt );
 }
- return md5( $token . $salt );
+ return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
 }
 /**
-- 
2.20.1
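Review bot: The new anonymous branch assigns `EDIT_TOKEN_SUFFIX` to `$token` without the htmlspecialchars() escaping the logged-in branch applies, and `$token` is then interpolated into the markup passed to addHTML() (the hidden-input element itself does not survive in this rendering of the diff, but the commit message says the value lands in wpEditToken). A lone backslash is harmless in an attribute today, but the FIXME on the constant in User.php anticipates adding quotes, and this is exactly the unescaped output site that would then break. Escape once after choosing the value: `$token = htmlspecialchars( $wgUser->isLoggedIn() ? $wgUser->editToken() : EDIT_TOKEN_SUFFIX );` — which also removes the brace-less if/else. The enclosing method starts and ends outside this hunk.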
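Review bot: editToken() now returns 33 characters (the 32 hex digits of md5() plus the suffix) and nothing in this hunk documents that; the method's docblock starts outside the hunk and should say that the returned token always ends in `EDIT_TOKEN_SUFFIX` and that any comparison must cover the full string, since EditPage compares anonymous submissions against the bare suffix. A one-line comment on the return would help: `// Suffix lets EditPage reject submissions that passed through a backslash-mangling proxy.` The header context of the first User.php hunk shows `USER_TOKEN_LENGTH` as 32, so any code that sizes, stores or truncates the edit token to that constant would now silently drop the suffix — worth checking. matchEditToken() is not in the diff, so whether it already compares against editToken() and thus picks up the suffix automatically cannot be confirmed from here.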