summaryrefslogtreecommitdiff
path: root/includes/specials
diff options
context:
space:
mode:
Diffstat (limited to 'includes/specials')
-rw-r--r--includes/specials/SpecialUpload.php9
-rw-r--r--includes/specials/SpecialUserlogin.php6
-rw-r--r--includes/specials/SpecialWatchlist.php2
-rw-r--r--includes/specials/SpecialWhatlinkshere.php1
4 files changed, 6 insertions, 12 deletions
diff --git a/includes/specials/SpecialUpload.php b/includes/specials/SpecialUpload.php
index 8eeca5d5..33013e08 100644
--- a/includes/specials/SpecialUpload.php
+++ b/includes/specials/SpecialUpload.php
@@ -119,14 +119,7 @@ class SpecialUpload extends SpecialPage {
// If it was posted check for the token (no remote POST'ing with user credentials)
$token = $request->getVal( 'wpEditToken' );
- if( $this->mSourceType == 'file' && $token == null ) {
- // Skip token check for file uploads as that can't be faked via JS...
- // Some client-side tools don't expect to need to send wpEditToken
- // with their submissions, as that's new in 1.16.
- $this->mTokenOk = true;
- } else {
- $this->mTokenOk = $wgUser->matchEditToken( $token );
- }
+ $this->mTokenOk = $wgUser->matchEditToken( $token );
$this->uploadFormTextTop = '';
$this->uploadFormTextAfterSummary = '';
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 01dc9a1c..0e5baa2d 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -1114,9 +1114,9 @@ class LoginForm extends SpecialPage {
*/
public static function setLoginToken() {
global $wgRequest;
- // Use User::generateToken() instead of $user->editToken()
+ // Generate a token directly instead of using $user->editToken()
// because the latter reuses $_SESSION['wsEditToken']
- $wgRequest->setSessionData( 'wsLoginToken', User::generateToken() );
+ $wgRequest->setSessionData( 'wsLoginToken', MWCryptRand::generateHex( 32 ) );
}
/**
@@ -1140,7 +1140,7 @@ class LoginForm extends SpecialPage {
*/
public static function setCreateaccountToken() {
global $wgRequest;
- $wgRequest->setSessionData( 'wsCreateaccountToken', User::generateToken() );
+ $wgRequest->setSessionData( 'wsCreateaccountToken', MWCryptRand::generateHex( 32 ) );
}
/**
diff --git a/includes/specials/SpecialWatchlist.php b/includes/specials/SpecialWatchlist.php
index 51086bb1..fd562be4 100644
--- a/includes/specials/SpecialWatchlist.php
+++ b/includes/specials/SpecialWatchlist.php
@@ -43,7 +43,7 @@ class SpecialWatchlist extends SpecialPage {
// Add feed links
$wlToken = $user->getOption( 'watchlisttoken' );
if ( !$wlToken ) {
- $wlToken = sha1( mt_rand() . microtime( true ) );
+ $wlToken = MWCryptRand::generateHex( 40 );
$user->setOption( 'watchlisttoken', $wlToken );
$user->saveSettings();
}
diff --git a/includes/specials/SpecialWhatlinkshere.php b/includes/specials/SpecialWhatlinkshere.php
index 5cdaad6a..f7d7bfef 100644
--- a/includes/specials/SpecialWhatlinkshere.php
+++ b/includes/specials/SpecialWhatlinkshere.php
@@ -50,6 +50,7 @@ class SpecialWhatLinksHere extends SpecialPage {
$out = $this->getOutput();
$this->setHeaders();
+ $this->outputHeader();
$opts = new FormOptions();