From 4621f21e15dafdf442b05a70ba287fa6b207d287 Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff@users.mediawiki.org>
Date: Sun, 26 Jun 2011 02:40:00 +0000
Subject: [PATCH] (bug 8556) When using $wgRawHtml, don't show scary
 session_failure/possible attack warning when you try to edit categories.

Categories automatically go to preview on open, but there's no edit token
on the initial open of the edit window, which causes big warning over nothing.
---
 RELEASE-NOTES-1.19    |  2 ++
 includes/EditPage.php | 10 ++++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19
index b173472d1c..f7cd61bffd 100644
--- a/RELEASE-NOTES-1.19
+++ b/RELEASE-NOTES-1.19
@@ -123,6 +123,8 @@ production.
   correctly.
 * (bug 29567) mw.util.addPortletLink should only wrap link in <span> for
   "vectorTabs" portlets.
+* (bug 8556) Incorrect session failure warning on preview-on-open 
+  namespaces (categories) when combined with $wgRawHtml.
 
 === API changes in 1.19 ===
 * BREAKING CHANGE: action=watch now requires POST and token.
diff --git a/includes/EditPage.php b/includes/EditPage.php
index f91cfda3cd..44cba7f53e 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -2019,8 +2019,14 @@ HTML
 		if ( $wgRawHtml && !$this->mTokenOk ) {
 			// Could be an offsite preview attempt. This is very unsafe if
 			// HTML is enabled, as it could be an attack.
-			$parsedNote = $wgOut->parse( "<div class='previewnote'>" .
-				wfMsg( 'session_fail_preview_html' ) . "</div>" );
+			$parsedNote = '';
+			if ( $this->textbox1 !== '' ) {
+				// Do not put big scary notice, if previewing the empty
+				// string, which happens when you initially edit
+				// a category page, due to automatic preview-on-open.
+				$parsedNote = $wgOut->parse( "<div class='previewnote'>" .
+					wfMsg( 'session_fail_preview_html' ) . "</div>" );
+			}
 			wfProfileOut( __METHOD__ );
 			return $parsedNote;
 		}
-- 
2.20.1