var $firsttime;
var $lastDelete;
var $mTokenOk = false;
+ var $mTokenOkExceptSuffix = false;
var $mTriedSave = false;
var $tooBig = false;
var $kblength = false;
*/
function tokenOk( &$request ) {
global $wgUser;
- $this->mTokenOk = $wgUser->matchEditToken( $request->getVal( 'wpEditToken' ) );
+ $token = $request->getVal( 'wpEditToken' );
+ $this->mTokenOk = $wgUser->matchEditToken( $token );
+ $this->mTokenOkExceptSuffix = $wgUser->matchEditTokenNoSuffix( $token );
return $this->mTokenOk;
}
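Review bot: `mTokenOkExceptSuffix` is assigned in tokenOk without any comment on what it may be used for, and its name hides that it is also true when the whole token matches, because matchEditTokenNoSuffix compares only the leading part of the token. The flag is therefore meaningful only together with `!$this->mTokenOk`, and it should never decide whether a save goes through. I would add above the assignment: `// Diagnostic only: true when the token matches apart from its suffix; never use this to accept an edit.` The docblock of tokenOk starts outside the hunk.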
wfProfileIn( $fname );
if ( $this->mTriedSave && !$this->mTokenOk ) {
- $msg = 'session_fail_preview';
+ if ( $this->mTokenOkExceptSuffix ) {
+ $msg = 'token_suffix_mismatch';
+ } else {
+ $msg = 'session_fail_preview';
+ }
} else {
$msg = 'previewnote';
}
* @public
*/
function matchEditToken( $val, $salt = '' ) {
- global $wgMemc;
$sessionToken = $this->editToken( $salt );
if ( $val != $sessionToken ) {
wfDebug( "User::matchEditToken: broken session data\n" );
return $val == $sessionToken;
}
+ /**
+ * Check whether the edit token is fine except for the suffix
+ */
+ function matchEditTokenNoSuffix( $val, $salt = '' ) {
+ $sessionToken = $this->editToken( $salt );
+ return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
+ }
+
/**
* Generate a new e-mail confirmation token and send a confirmation
* mail to the user's given address.
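Review bot: The new `matchEditTokenNoSuffix` compares the two 32-character prefixes with loose `==`, so PHP compares them as numbers whenever both happen to look numeric (all digits, or exponent form such as `0e` followed by digits) and can report a match for different tokens. A strict comparison avoids that: `return substr( $sessionToken, 0, 32 ) === substr( $val, 0, 32 );`. The context line `return $val == $sessionToken;` of matchEditToken at the top of this hunk has the same loose comparison, and that one decides whether the edit is accepted, so it deserves `===` as well. The literal 32 is presumably the length of the hash part of the token; a short comment tying it to editToken() would keep the two in step if the token format changes.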
''Because this wiki has raw HTML enabled, the preview is hidden as a precaution against JavaScript attacks.''
<strong>If this is a legitimate edit attempt, please try again. If it still doesn't work, try logging out and logging back in.</strong>",
+'token_suffix_mismatch' => '<strong>Your edit has been rejected because your client mangled the punctuation characters
+in the edit token. The edit has been rejected to prevent corruption of the article text.
+This sometimes happens when you are using a buggy web-based anonymous proxy service.</strong>',
'importing' => 'Importing $1',
'editing' => 'Editing $1',
'editinguser' => 'Editing user <b>$1</b>',