Diffstat (limited to 'includes/specials/SpecialUserlogout.php')
-rw-r--r-- | includes/specials/SpecialUserlogout.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/includes/specials/SpecialUserlogout.php b/includes/specials/SpecialUserlogout.php
index 3d497bd7..e23df612 100644
--- a/includes/specials/SpecialUserlogout.php
+++ b/includes/specials/SpecialUserlogout.php
@@ -10,6 +10,16 @@
 function wfSpecialUserlogout() {
 global $wgUser, $wgOut;
 
+ /**
+ * Some satellite ISPs use broken precaching schemes that log people out straight after
+ * they're logged in (bug 17790). Luckily, there's a way to detect such requests.
+ */
+ if ( isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], '&' ) !== false ) {
+ wfDebug( "Special:Userlogout request {$_SERVER['REQUEST_URI']} looks suspicious, denying.\n" );
+ wfHttpError( 400, wfMsg( 'loginerror' ), wfMsg( 'suspicious-userlogout' ) );
+ return;
+ }
+
 $oldName = $wgUser->getName();
 $wgUser->logout();
 $wgOut->setRobotPolicy( 'noindex,nofollow' ); |
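Review bot: The added guard in wfSpecialUserlogout() is only a URL-shape heuristic, and the `$wgUser->logout()` call after it still runs for any GET that passes, so a prefetcher or cross-site request using a well-formed URL can still end the session. Say so next to the check, for example `// Heuristic only: logout is still a tokenless GET; this stops malformed prefetch URLs, not well-formed prefetch or cross-site requests.` As displayed, the needle is a bare `'&'`, which would also reject every logout URL that carries a second query parameter. The comment suggests the target is a URL whose HTML entities were never unescaped, so confirm that the needle in the file is the escaped form and that this page's rendering has not decoded it. The function body continues past the end of the hunk.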