From: Brian Wolff <bawolff+wn@gmail.com>
Date: Fri, 27 Jun 2014 19:11:22 +0000 (-0300)
Subject: Salt the "nsToken" used for Special:Search namespace remembering
X-Git-Tag: 1.31.0-rc.0~15158^2
X-Git-Url: https://git.cyclocoop.org/%7B%24admin_url%7Dmembres/cotisations/rappels.php?a=commitdiff_plain;h=50f849eb4e43a47570dccc9da583ec3323057e11;p=lhc%2Fweb%2Fwiklou.git

Salt the "nsToken" used for Special:Search namespace remembering

Token is used as a GET parameter, so we shouldn't use the raw edit
token.

Bug: 67210
Change-Id: Ie69d9f6557eb9a08b21361aad0ed95bee994c05f
---

diff --git a/includes/specials/SpecialSearch.php b/includes/specials/SpecialSearch.php
index 15b93ae5f2..54e99879a6 100644
--- a/includes/specials/SpecialSearch.php
+++ b/includes/specials/SpecialSearch.php
@@ -526,7 +526,11 @@ class SpecialSearch extends SpecialPage {
 
 		if ( $user->isLoggedIn() &&
 			!is_null( $request->getVal( 'nsRemember' ) ) &&
-			$user->matchEditToken( $request->getVal( 'nsToken' ) )
+			$user->matchEditToken(
+				$request->getVal( 'nsToken' ),
+				'searchnamespace',
+				$request
+			)
 		) {
 			// Reset namespace preferences: namespaces are not searched
 			// when they're not mentioned in the URL parameters.
@@ -970,7 +974,13 @@ class SpecialSearch extends SpecialPage {
 		$remember = '';
 		$user = $this->getUser();
 		if ( $user->isLoggedIn() ) {
-			$remember .= Html::hidden( 'nsToken', $user->getEditToken() ) .
+			$remember .= Html::hidden(
+				'nsToken',
+				$user->getEditToken(
+					'searchnamespace',
+					$this->getRequest()
+				)
+			) .
 			Xml::checkLabel(
 				wfMessage( 'powersearch-remember' )->text(),
 				'nsRemember',