Diffstat (limited to 'includes/specials/SpecialUserlogout.php')
-rw-r--r--includes/specials/SpecialUserlogout.php10
1 files changed, 10 insertions, 0 deletions
diff --git a/includes/specials/SpecialUserlogout.php b/includes/specials/SpecialUserlogout.php
index 3d497bd7..e23df612 100644
--- a/includes/specials/SpecialUserlogout.php
+++ b/includes/specials/SpecialUserlogout.php
@@ -10,6 +10,16 @@
function wfSpecialUserlogout() {
global $wgUser, $wgOut;
+ /**
+ * Some satellite ISPs use broken precaching schemes that log people out straight after
+ * they're logged in (bug 17790). Luckily, there's a way to detect such requests.
+ */
+ if ( isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], '&' ) !== false ) {
+ wfDebug( "Special:Userlogout request {$_SERVER['REQUEST_URI']} looks suspicious, denying.\n" );
+ wfHttpError( 400, wfMsg( 'loginerror' ), wfMsg( 'suspicious-userlogout' ) );
+ return;
+ }
+
$oldName = $wgUser->getName();
$wgUser->logout();
$wgOut->setRobotPolicy( 'noindex,nofollow' );
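Review bot: The guard added ahead of `$wgUser->logout()` rejects only request URIs that match one string pattern, so any other GET to Special:Userlogout, such as a prefetcher fetching the clean URL or a link embedded in a third-party page, still ends the session without the user asking for it. The doc comment should state that limit, for example `* NOTE: heuristic only; logout is still a side-effecting GET with no token check.`, and a follow-up could require a POST or a session token before `logout()` is called. As rendered on this page the needle is a bare `'&'`, which would also deny ordinary `index.php?title=Special:Userlogout&returnto=…` style links; if the file actually holds the HTML-escaped form and the page decoded it, this does not apply, otherwise the needle needs narrowing. The raw `$_SERVER['REQUEST_URI']` is interpolated into the `wfDebug()` message, so that log line should be read as untrusted input. The body of `wfSpecialUserlogout()` continues past the end of the hunk.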