From e3e5cf1bb9b6ab066b31599f6261961d18741620 Mon Sep 17 00:00:00 2001 From: Max Semenik Date: Thu, 25 Feb 2010 17:44:43 +0000 Subject: [PATCH] (bug 17790) Users instantly logged off on HughesNet --- HISTORY | 1 + includes/specials/SpecialUserlogout.php | 10 ++++++++++ languages/messages/MessagesEn.php | 1 + maintenance/language/messages.inc | 1 + 4 files changed, 13 insertions(+) diff --git a/HISTORY b/HISTORY index 8cd36ec96e..50418cd6df 100644 --- a/HISTORY +++ b/HISTORY @@ -745,6 +745,7 @@ comment from another wiki. * (bug 22551) Special:Resetpass now has a "Cancel" button that sends the user to the page set in the &returnto parameter. * (bug 19194) Search box in Modern skin doesn't focus with Safari/Chrome +* (bug 17790) Users instantly logged off on HughesNet == API changes in 1.16 == diff --git a/includes/specials/SpecialUserlogout.php b/includes/specials/SpecialUserlogout.php index 3d497bd7d7..28f8a5eed0 100644 --- a/includes/specials/SpecialUserlogout.php +++ b/includes/specials/SpecialUserlogout.php @@ -10,6 +10,16 @@ function wfSpecialUserlogout() { global $wgUser, $wgOut; + /** + * Some satellite ISPs use broken precaching schemes that log people out straight after + * they're logged in (bug 17790). Luckily, there's a way to detect such requests. + */ + wfDebug( $_SERVER['REQUEST_URI'] . "\n" ); + if ( isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], '&' ) !== false ) { + wfHttpError( 400, wfMsg( 'loginerror' ), wfMsg( 'suspicious-userlogout' ) ); + return; + } + $oldName = $wgUser->getName(); $wgUser->logout(); $wgOut->setRobotPolicy( 'noindex,nofollow' ); diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index dc1d6a6910..55be5c9aaa 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -1134,6 +1134,7 @@ Please wait before trying again.', * Español|es * Italiano|it * Nederlands|nl', # do not translate or duplicate this message to other languages +'suspicious-userlogout' => 'Your request to log out was denied because it looks like it was sent by a broken browser or caching proxy.', # Password reset dialog 'resetpass' => 'Change password', diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc index d199ba2d3d..0e39a51b1e 100644 --- a/maintenance/language/messages.inc +++ b/maintenance/language/messages.inc @@ -465,6 +465,7 @@ $wgMessageStructure = array( 'login-throttled', 'loginlanguagelabel', 'loginlanguagelinks', + 'suspicious-userlogout', ), 'resetpass' => array( 'resetpass', -- 2.20.1