From: Tim Starling Date: Sun, 1 Jul 2007 22:22:16 +0000 (+0000) Subject: Display a distinctive message when the edit token suffix is mangled. On report of... X-Git-Tag: 1.31.0-rc.0~52295 X-Git-Url: https://git.cyclocoop.org/admin/?a=commitdiff_plain;h=9b9682904ee237b623f648b1a9b630a1a8f88e66;p=lhc%2Fweb%2Fwiklou.git Display a distinctive message when the edit token suffix is mangled. On report of widespread bot breakage, due to adding "+". --- diff --git a/includes/EditPage.php b/includes/EditPage.php index a6b589ad6d..4b44012334 100644 --- a/includes/EditPage.php +++ b/includes/EditPage.php @@ -20,6 +20,7 @@ class EditPage { var $firsttime; var $lastDelete; var $mTokenOk = false; + var $mTokenOkExceptSuffix = false; var $mTriedSave = false; var $tooBig = false; var $kblength = false; @@ -576,7 +577,9 @@ class EditPage { */ function tokenOk( &$request ) { global $wgUser; - $this->mTokenOk = $wgUser->matchEditToken( $request->getVal( 'wpEditToken' ) ); + $token = $request->getVal( 'wpEditToken' ); + $this->mTokenOk = $wgUser->matchEditToken( $token ); + $this->mTokenOkExceptSuffix = $wgUser->matchEditTokenNoSuffix( $token ); return $this->mTokenOk; } @@ -1369,7 +1372,11 @@ END wfProfileIn( $fname ); if ( $this->mTriedSave && !$this->mTokenOk ) { - $msg = 'session_fail_preview'; + if ( $this->mTokenOkExceptSuffix ) { + $msg = 'token_suffix_mismatch'; + } else { + $msg = 'session_fail_preview'; + } } else { $msg = 'previewnote'; } diff --git a/includes/User.php b/includes/User.php index 2f5a089b22..e17c253e50 100644 --- a/includes/User.php +++ b/includes/User.php @@ -2312,7 +2312,6 @@ class User { * @public */ function matchEditToken( $val, $salt = '' ) { - global $wgMemc; $sessionToken = $this->editToken( $salt ); if ( $val != $sessionToken ) { wfDebug( "User::matchEditToken: broken session data\n" ); 
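Review bot: `mTokenOkExceptSuffix` in `tokenOk()` is set whenever the first part of the token matches, which includes the case where the whole token is valid, so the name is only accurate when read together with `!$this->mTokenOk`. Because the flag describes a request that failed validation, the assignment should carry a comment such as `// Diagnostic only: selects the error message shown to the client; must never be used to accept an edit.` Alternatively, compute it as `$this->mTokenOkExceptSuffix = !$this->mTokenOk && $wgUser->matchEditTokenNoSuffix( $token );` so that it cannot be true for a valid token. The docblock of `tokenOk()` starts outside the hunk.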
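Review bot: The new `token_suffix_mismatch` branch in the `$msg` selection still represents a request whose token failed validation, so the preview suppression used on wikis with raw HTML enabled should treat it exactly like `session_fail_preview`. That code is outside this hunk: if it keys on `!$this->mTokenOk` nothing changes, but if it keys on `$msg` the suffix-mismatch path would need the same handling. A comment at the branch would make the intent explicit, e.g. `// Token is still invalid here: only the wording differs, not the safety handling.` The enclosing function starts and ends outside the hunk.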
@@ -2320,6 +2319,14 @@ class User { return $val == $sessionToken; } + /** + * Check whether the edit token is fine except for the suffix + */ + function matchEditTokenNoSuffix( $val, $salt = '' ) { + $sessionToken = $this->editToken( $salt ); + return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 ); + } + /** * Generate a new e-mail confirmation token and send a confirmation * mail to the user's given address. diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index 6d07492fcb..a5a164e255 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -995,6 +995,9 @@ Please try again. If it still doesn't work, try logging out and logging back in. ''Because this wiki has raw HTML enabled, the preview is hidden as a precaution against JavaScript attacks.'' If this is a legitimate edit attempt, please try again. If it still doesn't work, try logging out and logging back in.", +'token_suffix_mismatch' => 'Your edit has been rejected because your client mangled the punctuation characters +in the edit token. The edit has been rejected to prevent corruption of the article text. +This sometimes happens when you are using a buggy web-based anonymous proxy service.', 'importing' => 'Importing $1', 'editing' => 'Editing $1', 'editinguser' => 'Editing user $1',
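Review bot: `matchEditTokenNoSuffix()` compares the two 32-character prefixes with loose `==`, and PHP compares two numeric-looking strings as numbers, so prefixes that differ as strings can still compare equal; once the suffix is stripped, nothing guarantees the operands are non-numeric. A strict comparison avoids this: `return substr( $sessionToken, 0, 32 ) === substr( $val, 0, 32 );`. The literal `32` is presumably the length of the hash part of the token, which this hunk does not show, so a named constant or a short comment tying it to `editToken()` would help. The docblock should also state that a true result is diagnostic only, e.g. `@return bool true if the first 32 characters match; never sufficient to accept an edit`.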