author Brian Wolff <bawolff@users.mediawiki.org>
Sun, 26 Jun 2011 02:40:00 +0000 (02:40 +0000)
committer Brian Wolff <bawolff@users.mediawiki.org>
Sun, 26 Jun 2011 02:40:00 +0000 (02:40 +0000)

(bug 8556) When using $wgRawHtml, don't show scary session_failure/possible attack
warning when you try to edit categories.

Categories automatically go to preview on open, but there's no edit token
on the initial open of the edit window, which causes a big warning over nothing.

RELEASE-NOTES-1.19
includes/EditPage.php

index b173472..f7cd61b 100644 (file)
@@ -123,6 +123,8 @@ production.
   correctly.
 * (bug 29567) mw.util.addPortletLink should only wrap link in <span> for
   "vectorTabs" portlets.
+* (bug 8556) Incorrect session failure warning on preview-on-open 
+  namespaces (categories) when combined with $wgRawHtml.
 
 === API changes in 1.19 ===
 * BREAKING CHANGE: action=watch now requires POST and token.
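Review bot: The first added line of this RELEASE-NOTES entry ends in a trailing space after "preview-on-open", which should be stripped. The entry also names the symptom rather than the new behaviour; consider wording it as a fix, for example that the session failure warning is no longer shown when the previewed text is empty, so that sites running with $wgRawHtml can see the exact condition under which the notice is now suppressed.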
index f91cfda..44cba7f 100644 (file)
@@ -2019,8 +2019,14 @@ HTML
                if ( $wgRawHtml && !$this->mTokenOk ) {
                        // Could be an offsite preview attempt. This is very unsafe if
                        // HTML is enabled, as it could be an attack.
-                       $parsedNote = $wgOut->parse( "<div class='previewnote'>" .
-                               wfMsg( 'session_fail_preview_html' ) . "</div>" );
+                       $parsedNote = '';
+                       if ( $this->textbox1 !== '' ) {
+                               // Do not put big scary notice, if previewing the empty
+                               // string, which happens when you initially edit
+                               // a category page, due to automatic preview-on-open.
+                               $parsedNote = $wgOut->parse( "<div class='previewnote'>" .
+                                       wfMsg( 'session_fail_preview_html' ) . "</div>" );
+                       }
                        wfProfileOut( __METHOD__ );
                        return $parsedNote;
                }
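Review bot: The new `$this->textbox1 !== ''` branch keys the suppression on empty text rather than on the preview-on-open case itself, so any request that arrives without a valid edit token and with an empty text box now gets no notice at all, including a real session failure. As far as these lines show that is safe, because the early `return $parsedNote;` is still taken whenever `$wgRawHtml && !$this->mTokenOk`, but neither comment says so; please extend the new comment to state that the return is kept deliberately and only the message is dropped, not the token check. The strict comparison also means whitespace-only text still produces the warning, which is the conservative choice and worth keeping.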