inside a heading.
* (bug 34907) Fixed exposure of tokens through load.php that could have facilitated
CSRF attacks
+* Special:Watchlist no longer sets links to feed when the user is anonymous
=== Configuration changes in 1.19 ===
* Removed SkinTemplateSetupPageCss hook; use BeforePageDisplay instead.
$user = $this->getUser();
$output = $this->getOutput();
- // Add feed links
- $wlToken = $user->getOption( 'watchlisttoken' );
- if ( !$wlToken ) {
- $wlToken = MWCryptRand::generateHex( 40 );
- $user->setOption( 'watchlisttoken', $wlToken );
- $user->saveSettings();
- }
-
- $this->addFeedLinks( array( 'action' => 'feedwatchlist', 'allrev' => 'allrev',
- 'wlowner' => $user->getName(), 'wltoken' => $wlToken ) );
-
- $output->setRobotPolicy( 'noindex,nofollow' );
-
# Anons don't get a watchlist
if( $user->isAnon() ) {
$output->setPageTitle( $this->msg( 'watchnologin' ) );
+ $output->setRobotPolicy( 'noindex,nofollow' );
$llink = Linker::linkKnown(
SpecialPage::getTitleFor( 'Userlogin' ),
$this->msg( 'loginreqlink' )->escaped(),
return;
}
+ // Add feed links
+ $wlToken = $user->getOption( 'watchlisttoken' );
+ if ( !$wlToken ) {
+ $wlToken = MWCryptRand::generateHex( 40 );
+ $user->setOption( 'watchlisttoken', $wlToken );
+ $user->saveSettings();
+ }
+
+ $this->addFeedLinks( array( 'action' => 'feedwatchlist', 'allrev' => 'allrev',
+ 'wlowner' => $user->getName(), 'wltoken' => $wlToken ) );
+
$this->setHeaders();
$this->outputHeader();