From 11471501ecb1a22c96c97d92992af023f4613f16 Mon Sep 17 00:00:00 2001
From: Alexandre Emsenhuber
Date: Tue, 8 Jul 2014 22:00:43 +0200
Subject: [PATCH] Fix the (un)watch token to include the namespace name.

Title::getDBkey() only returns the page name without the namespace which means that "Test" and "User:Test" (for example) pages would have the same token; use Title::getPrefixedDBkey() instead to avoid this.

Change-Id: I80333b23cec0cfe6546f6e7776b0a77b56ee20c8
---
 includes/actions/WatchAction.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/actions/WatchAction.php b/includes/actions/WatchAction.php
index 2c7502e574..3b3ae1d4e4 100644
--- a/includes/actions/WatchAction.php
+++ b/includes/actions/WatchAction.php
@@ -185,7 +185,7 @@ class WatchAction extends FormAction {
 if ( $action != 'unwatch' ) {
 $action = 'watch';
 }
- $salt = array( $action, $title->getDBkey() );
+ $salt = array( $action, $title->getPrefixedDBkey() );
 
 // This token stronger salted and not compatible with ApiWatch
 // It's title/action specific because index.php is GET and API is POST
-- 
2.20.1
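Review bot: Nothing visible in this hunk shows that the code checking the token derives its salt from this same `$salt` line, so it is worth confirming that no other caller still builds `array( $action, $title->getDBkey() )` by hand; such a path would either stop matching the tokens issued here or stay namespace-agnostic. The enclosing method starts and ends outside the hunk, so this is inferred rather than observed. A regression test asserting that the tokens for `Test` and `User:Test` differ for the same user and action would pin the property this commit is fixing. The comment under the changed line could also record the reason, for example `// Salt with the prefixed DB key so the token is bound to namespace and title, not only the page name`.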