From 749e7fb2bae7bbda855de3c9e319435b9f698ff7 Mon Sep 17 00:00:00 2001
From: Pierre Schmitz <pierre@archlinux.de>
Date: Mon, 3 Mar 2008 09:36:49 +0100
Subject: MediaWiki 1.11.2 released (security)

---
 includes/api/ApiQueryBase.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'includes/api/ApiQueryBase.php')

diff --git a/includes/api/ApiQueryBase.php b/includes/api/ApiQueryBase.php
index 28adb415..c810cfa7 100644
--- a/includes/api/ApiQueryBase.php
+++ b/includes/api/ApiQueryBase.php
@@ -215,6 +215,10 @@ abstract class ApiQueryBase extends ApiBase {
 	}
 
 	public function getTokenFlag($tokenArr, $action) {
+		if ($this->getMain()->getRequest()->getVal('callback') !== null) {
+			// Don't do any session-specific data.
+			return false;
+		}
 		if (in_array($action, $tokenArr)) {
 			global $wgUser;
 			if ($wgUser->isAllowed($action))
-- 
cgit v1.2.3-54-g00ecf