Revert r31223 -- edit token below the text box means we're more likely to submit...

It is placed after the textbox deliberately, to ensure that the entire text box is transmitted successfully first.

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 789b72b..2bec669 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -18,7 +18,7 @@ will be made on the development trunk and appear in the next quarterly release.
 Those wishing to use the latest code instead of a branch release can obtain
 it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 
-=== Configuration changes in 1.13 ===
+=== Configuration changes in 1.12 ===
 
 * ...
 
@@ -31,18 +31,17 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
   confused when they are told they are range-blocked.
 * One can turn off syndicatino feeds by setting $wgFeed to false
 
-=== Bug fixes in 1.13 ===
+=== Bug fixes in 1.12 ===
 
 * (bug 10677) Add link to the file description page on the shared repository
 * (bug 13084) Increase size of source/destination filename fields in upload form
 * (bug 13115) rebuildrecentchanges should print the current value of $wgRCMaxAge
-* (bug 13130) Position of wpEditToken input tag in edit form
 
-=== API changes in 1.13 ===
+=== API changes in 1.12 ===
 
 * ....
 
-=== Languages updated in 1.13 ===
+=== Languages updated in 1.12 ===
 
 * ...
 

diff --git a/includes/EditPage.php b/includes/EditPage.php
index ac51a42..45ca48d 100644 (file)
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -1306,21 +1306,6 @@ END
 <input type='hidden' value=\"{$this->edittime}\" name=\"wpEdittime\" />\n
 <input type='hidden' value=\"{$this->scrolltop}\" name=\"wpScrolltop\" id=\"wpScrolltop\" />\n" );
 
-               /**
-                * To make it harder for someone to slip a user a page
-                * which submits an edit form to the wiki without their
-                * knowledge, a random token is associated with the login
-                * session. If it's not passed back with the submission,
-                * we won't save the page, or render user JavaScript and
-                * CSS previews.
-                *
-                * For anon editors, who may not have a session, we just
-                * include the constant suffix to prevent editing from
-                * broken text-mangling proxies.
-                */
-               $token = htmlspecialchars( $wgUser->editToken() );
-               $wgOut->addHTML( "\n<input type='hidden' value=\"$token\" name=\"wpEditToken\" />\n" );
-
                $wgOut->addHTML( <<<END
 $recreate
 {$commentsubject}
@@ -1363,6 +1348,21 @@ END
 </div>
 " );
 
+               /**
+                * To make it harder for someone to slip a user a page
+                * which submits an edit form to the wiki without their
+                * knowledge, a random token is associated with the login
+                * session. If it's not passed back with the submission,
+                * we won't save the page, or render user JavaScript and
+                * CSS previews.
+                *
+                * For anon editors, who may not have a session, we just
+                * include the constant suffix to prevent editing from
+                * broken text-mangling proxies.
+                */
+               $token = htmlspecialchars( $wgUser->editToken() );
+               $wgOut->addHTML( "\n<input type='hidden' value=\"$token\" name=\"wpEditToken\" />\n" );
+
 
                # If a blank edit summary was previously provided, and the appropriate
                # user preference is active, pass a hidden tag here. This will stop the