From: Brian Wolff Date: Sun, 26 Jun 2011 02:40:00 +0000 (+0000) Subject: (bug 8556) When using $wgRawHtml, don't show scary session_failure/possible attack X-Git-Tag: 1.31.0-rc.0~29275 X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/categories/modifier.php?a=commitdiff_plain;h=4621f21e15dafdf442b05a70ba287fa6b207d287;p=lhc%2Fweb%2Fwiklou.git (bug 8556) When using $wgRawHtml, don't show scary session_failure/possible attack warning when you try to edit categories. Categories automatically go to preview on open, but there's no edit token on the initial open of the edit window, which causes big warning over nothing. --- diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19 index b173472d1c..f7cd61bffd 100644 --- a/RELEASE-NOTES-1.19 +++ b/RELEASE-NOTES-1.19 @@ -123,6 +123,8 @@ production. correctly. * (bug 29567) mw.util.addPortletLink should only wrap link in for "vectorTabs" portlets. +* (bug 8556) Incorrect session failure warning on preview-on-open + namespaces (categories) when combined with $wgRawHtml. === API changes in 1.19 === * BREAKING CHANGE: action=watch now requires POST and token. diff --git a/includes/EditPage.php b/includes/EditPage.php index f91cfda3cd..44cba7f53e 100644 --- a/includes/EditPage.php +++ b/includes/EditPage.php @@ -2019,8 +2019,14 @@ HTML if ( $wgRawHtml && !$this->mTokenOk ) { // Could be an offsite preview attempt. This is very unsafe if // HTML is enabled, as it could be an attack. - $parsedNote = $wgOut->parse( "
" . - wfMsg( 'session_fail_preview_html' ) . "
" ); + $parsedNote = ''; + if ( $this->textbox1 !== '' ) { + // Do not put big scary notice, if previewing the empty + // string, which happens when you initially edit + // a category page, due to automatic preview-on-open. + $parsedNote = $wgOut->parse( "
" . + wfMsg( 'session_fail_preview_html' ) . "
" ); + } wfProfileOut( __METHOD__ ); return $parsedNote; }