From 50f849eb4e43a47570dccc9da583ec3323057e11 Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Fri, 27 Jun 2014 16:11:22 -0300
Subject: [PATCH] Salt the "nsToken" used for Special:Search namespace
 remembering

Token is used as a GET parameter, so we shouldn't use the raw edit
token.

Bug: 67210
Change-Id: Ie69d9f6557eb9a08b21361aad0ed95bee994c05f
---
 includes/specials/SpecialSearch.php | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/includes/specials/SpecialSearch.php b/includes/specials/SpecialSearch.php
index 15b93ae5f2..54e99879a6 100644
--- a/includes/specials/SpecialSearch.php
+++ b/includes/specials/SpecialSearch.php
@@ -526,7 +526,11 @@ class SpecialSearch extends SpecialPage {
 
 		if ( $user->isLoggedIn() &&
 			!is_null( $request->getVal( 'nsRemember' ) ) &&
-			$user->matchEditToken( $request->getVal( 'nsToken' ) )
+			$user->matchEditToken(
+				$request->getVal( 'nsToken' ),
+				'searchnamespace',
+				$request
+			)
 		) {
 			// Reset namespace preferences: namespaces are not searched
 			// when they're not mentioned in the URL parameters.
@@ -970,7 +974,13 @@ class SpecialSearch extends SpecialPage {
 		$remember = '';
 		$user = $this->getUser();
 		if ( $user->isLoggedIn() ) {
-			$remember .= Html::hidden( 'nsToken', $user->getEditToken() ) .
+			$remember .= Html::hidden(
+				'nsToken',
+				$user->getEditToken(
+					'searchnamespace',
+					$this->getRequest()
+				)
+			) .
 			Xml::checkLabel(
 				wfMessage( 'powersearch-remember' )->text(),
 				'nsRemember',
-- 
2.20.1