From: Alexandre Emsenhuber <mediawiki@emsenhuber.ch>
Date: Tue, 8 Jul 2014 20:00:43 +0000 (+0200)
Subject: Fix the (un)watch token to include the namespace name.
X-Git-Tag: 1.31.0-rc.0~14412^2
X-Git-Url: http://git.cyclocoop.org/%22%20.%20generer_url_ecrire%28%22suivi_revisions%22%29%20.%20%22?a=commitdiff_plain;h=11471501ecb1a22c96c97d92992af023f4613f16;p=lhc%2Fweb%2Fwiklou.git

Fix the (un)watch token to include the namespace name.

Title::getDBkey() only returns the page name without the namespace
which means that "Test" and "User:Test" (for example) pages would
have the same token; use Title::getPrefixedDBkey() instead to
avoid this.

Change-Id: I80333b23cec0cfe6546f6e7776b0a77b56ee20c8
---

diff --git a/includes/actions/WatchAction.php b/includes/actions/WatchAction.php
index 2c7502e574..3b3ae1d4e4 100644
--- a/includes/actions/WatchAction.php
+++ b/includes/actions/WatchAction.php
@@ -185,7 +185,7 @@ class WatchAction extends FormAction {
 		if ( $action != 'unwatch' ) {
 			$action = 'watch';
 		}
-		$salt = array( $action, $title->getDBkey() );
+		$salt = array( $action, $title->getPrefixedDBkey() );
 
 		// This token stronger salted and not compatible with ApiWatch
 		// It's title/action specific because index.php is GET and API is POST