From: Victor Vasiliev Date: Sat, 23 Feb 2008 19:33:39 +0000 (+0000) Subject: * (bug 13130) Position of wpEditToken input tag in edit form X-Git-Tag: 1.31.0-rc.0~49387 X-Git-Url: https://git.cyclocoop.org/%242?a=commitdiff_plain;h=d19599aeccb95fcaddd01ed1dbf3c590ccdd8812;p=lhc%2Fweb%2Fwiklou.git * (bug 13130) Position of wpEditToken input tag in edit form --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 2bec6699e4..789b72b274 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -18,7 +18,7 @@ will be made on the development trunk and appear in the next quarterly release. Those wishing to use the latest code instead of a branch release can obtain it from source control: http://www.mediawiki.org/wiki/Download_from_SVN -=== Configuration changes in 1.12 === +=== Configuration changes in 1.13 === * ... @@ -31,17 +31,18 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN confused when they are told they are range-blocked. * One can turn off syndicatino feeds by setting $wgFeed to false -=== Bug fixes in 1.12 === +=== Bug fixes in 1.13 === * (bug 10677) Add link to the file description page on the shared repository * (bug 13084) Increase size of source/destination filename fields in upload form * (bug 13115) rebuildrecentchanges should print the current value of $wgRCMaxAge +* (bug 13130) Position of wpEditToken input tag in edit form -=== API changes in 1.12 === +=== API changes in 1.13 === * .... -=== Languages updated in 1.12 === +=== Languages updated in 1.13 === * ... diff --git a/includes/EditPage.php b/includes/EditPage.php index 45ca48d02a..ac51a42fb9 100644 --- a/includes/EditPage.php +++ b/includes/EditPage.php @@ -1306,6 +1306,21 @@ END edittime}\" name=\"wpEdittime\" />\n scrolltop}\" name=\"wpScrolltop\" id=\"wpScrolltop\" />\n" ); + /** + * To make it harder for someone to slip a user a page + * which submits an edit form to the wiki without their + * knowledge, a random token is associated with the login + * session. If it's not passed back with the submission, + * we won't save the page, or render user JavaScript and + * CSS previews. + * + * For anon editors, who may not have a session, we just + * include the constant suffix to prevent editing from + * broken text-mangling proxies. + */ + $token = htmlspecialchars( $wgUser->editToken() ); + $wgOut->addHTML( "\n\n" ); + $wgOut->addHTML( << " ); - /** - * To make it harder for someone to slip a user a page - * which submits an edit form to the wiki without their - * knowledge, a random token is associated with the login - * session. If it's not passed back with the submission, - * we won't save the page, or render user JavaScript and - * CSS previews. - * - * For anon editors, who may not have a session, we just - * include the constant suffix to prevent editing from - * broken text-mangling proxies. - */ - $token = htmlspecialchars( $wgUser->editToken() ); - $wgOut->addHTML( "\n\n" ); - # If a blank edit summary was previously provided, and the appropriate # user preference is active, pass a hidden tag here. This will stop the