* (bug 671) The <dfn> element has been whitelisted in user input.
* (bug 24563) Entries on Special:WhatLinksHere now have a link to their history
* (bug 21503) There's now a "reason" field when creating account for other users
+* (bug 24418) action=markpatrolled now requires a token
=== Bug fixes in 1.17 ===
* (bug 17560) Half-broken deletion moved image files to deletion archive
}
$sk = $wgUser->getSkin();
+ $token = $wgUser->editToken( $rcid );
$wgOut->addHTML(
"<div class='patrollink'>" .
array(),
array(
'action' => 'markpatrolled',
- 'rcid' => $rcid
+ 'rcid' => $rcid,
+ 'token' => $token,
),
array( 'known', 'noclasses' )
)
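Review bot: The token and query array are built by hand at this site (`$token = $wgUser->editToken( $rcid );`) and again in the two later hunks, the diff-view link and the "redundant patrol link on bottom". Any other code that emits an `action=markpatrolled` link and is not touched by this commit will presumably now land on the `sessionfailure` page. It is worth searching for remaining generators of that link and routing all of them through one small helper that returns the `action`/`rcid`/`token` query array, so the salt used when issuing the token cannot drift from the one checked in `markpatrolled()`. Until then a comment at each site would help, e.g. `# Token is salted with the rcid; must match the check in markpatrolled()`. The enclosing function starts and ends outside this hunk.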
* Mark this particular edit/page as patrolled
*/
public function markpatrolled() {
- global $wgOut, $wgRequest;
+ global $wgOut, $wgUser, $wgRequest;
$wgOut->setRobotPolicy( 'noindex,nofollow' );
# If we haven't been given an rc_id value, we can't do anything
$rcid = (int) $wgRequest->getVal( 'rcid' );
+
+ if ( !$wgUser->matchEditToken( $wgRequest->getVal( 'token' ), $rcid ) ) {
+ $wgOut->showErrorPage( 'sessionfailure-title', 'sessionfailure' );
+ return;
+ }
+
$rc = RecentChange::newFromId( $rcid );
if ( is_null( $rc ) ) {
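Review bot: The new `matchEditToken()` check sits between the `# If we haven't been given an rc_id value` comment and the `is_null( $rc )` test that comment describes. A request without `rcid` (cast to 0) will therefore most likely fail the token match first and show `sessionfailure` rather than the missing-rcid error. Moving the comment down next to `RecentChange::newFromId( $rcid )` would fix the placement. The check also deserves its own comment, e.g. `# CSRF check: the token travels in a GET link, so it is salted with the rcid and a leaked URL can only patrol this one change`. That property depends on the salt staying per-rcid, which is worth stating so a later refactor does not replace it with an unsalted edit token. The body of `markpatrolled()` continues past the end of the hunk.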
}
// Build the link
if( $rcid ) {
+ $token = $wgUser->editToken( $rcid );
$patrol = ' <span class="patrollink">[' . $sk->link(
$this->mTitle,
wfMsgHtml( 'markaspatrolleddiff' ),
array(),
array(
'action' => 'markpatrolled',
- 'rcid' => $rcid
+ 'rcid' => $rcid,
+ 'token' => $token,
),
array(
'known',
# Add redundant patrol link on bottom...
if( $this->mRcidMarkPatrolled && $this->mTitle->quickUserCan('patrol') ) {
$sk = $wgUser->getSkin();
+ $token = $wgUser->editToken( $this->mRcidMarkPatrolled );
$wgOut->addHTML(
"<div class='patrollink'>[" . $sk->link(
$this->mTitle,
array(),
array(
'action' => 'markpatrolled',
- 'rcid' => $this->mRcidMarkPatrolled
+ 'rcid' => $this->mRcidMarkPatrolled,
+ 'token' => $token,
)
) . ']</div>'
);