When the CSRF token is not available in the session, show the
authorPlatonides <platonides@users.mediawiki.org>
Thu, 26 Aug 2010 18:28:33 +0000 (18:28 +0000)
committerPlatonides <platonides@users.mediawiki.org>
Thu, 26 Aug 2010 18:28:33 +0000 (18:28 +0000)
'you have cookies disabled' message instead of "Session problem,
canceled to avoid session hijacking"

includes/specials/SpecialUserlogin.php

index 6d074f3..5e41e3f 100644 (file)
@@ -272,7 +272,7 @@ class LoginForm {
                # Request forgery checks.
                if ( !self::getCreateaccountToken() ) {
                        self::setCreateaccountToken();
-                       $this->mainLoginForm( wfMsg( 'sessionfailure' ) );
+                       $this->mainLoginForm( wfMsgExt( 'nocookiesnew', array( 'parseinline' ) ) );;
                        return false;
                }
 
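Review bot: The branch that now shows 'nocookiesnew' returns false before any account is created, so check that the message text does not tell the user the account already exists. If it does, a dedicated message for the "no token in session, nothing created" case would be more accurate than reusing this key. The replacement line also ends in a doubled semicolon, a stray empty statement; it should read `$this->mainLoginForm( wfMsgExt( 'nocookiesnew', array( 'parseinline' ) ) );`. The request is still refused when no create-account token is present, so the forgery check itself is unchanged. The enclosing method starts and ends outside this hunk.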
@@ -657,6 +657,8 @@ class LoginForm {
                                break;
 
                        case self::NEED_TOKEN:
+                               $this->mainLoginForm( wfMsgExt( 'nocookieslogin', array( 'parseinline' ) ) );
+                               break;
                        case self::WRONG_TOKEN:
                                $this->mainLoginForm( wfMsg( 'sessionfailure' ) );
                                break;
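Review bot: The new NEED_TOKEN branch carries no comment explaining why a missing token is reported as a cookie problem while WRONG_TOKEN keeps 'sessionfailure', now that the fall-through joining the two cases is gone. A comment above the added call would record the intent, for example `# No login token in the session: most likely cookies are disabled. The attempt is still rejected.` Disabled cookies are presumably not the only cause of a missing token, since an expired session would look the same, so the wording is a hint to the user and not a diagnosis. The switch statement begins and ends outside this hunk.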