From 81be3ba123fa26c29ab157288530ffaec9d0930f Mon Sep 17 00:00:00 2001
From: Pierre Schmitz <pierre@archlinux.de>
Date: Thu, 22 Mar 2012 21:04:56 +0100
Subject: Update to MediaWiki 1.18.2

---
 includes/specials/SpecialUpload.php        | 9 +--------
 includes/specials/SpecialUserlogin.php     | 6 +++---
 includes/specials/SpecialWatchlist.php     | 2 +-
 includes/specials/SpecialWhatlinkshere.php | 1 +
 4 files changed, 6 insertions(+), 12 deletions(-)

(limited to 'includes/specials')

diff --git a/includes/specials/SpecialUpload.php b/includes/specials/SpecialUpload.php
index 8eeca5d5..33013e08 100644
--- a/includes/specials/SpecialUpload.php
+++ b/includes/specials/SpecialUpload.php
@@ -119,14 +119,7 @@ class SpecialUpload extends SpecialPage {
 
 		// If it was posted check for the token (no remote POST'ing with user credentials)
 		$token = $request->getVal( 'wpEditToken' );
-		if( $this->mSourceType == 'file' && $token == null ) {
-			// Skip token check for file uploads as that can't be faked via JS...
-			// Some client-side tools don't expect to need to send wpEditToken
-			// with their submissions, as that's new in 1.16.
-			$this->mTokenOk = true;
-		} else {
-			$this->mTokenOk = $wgUser->matchEditToken( $token );
-		}
+		$this->mTokenOk = $wgUser->matchEditToken( $token );
 
 		$this->uploadFormTextTop = '';
 		$this->uploadFormTextAfterSummary = '';
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 01dc9a1c..0e5baa2d 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -1114,9 +1114,9 @@ class LoginForm extends SpecialPage {
 	 */
 	public static function setLoginToken() {
 		global $wgRequest;
-		// Use User::generateToken() instead of $user->editToken()
+		// Generate a token directly instead of using $user->editToken()
 		// because the latter reuses $_SESSION['wsEditToken']
-		$wgRequest->setSessionData( 'wsLoginToken', User::generateToken() );
+		$wgRequest->setSessionData( 'wsLoginToken', MWCryptRand::generateHex( 32 ) );
 	}
 
 	/**
@@ -1140,7 +1140,7 @@ class LoginForm extends SpecialPage {
 	 */
 	public static function setCreateaccountToken() {
 		global $wgRequest;
-		$wgRequest->setSessionData( 'wsCreateaccountToken', User::generateToken() );
+		$wgRequest->setSessionData( 'wsCreateaccountToken', MWCryptRand::generateHex( 32 ) );
 	}
 
 	/**
diff --git a/includes/specials/SpecialWatchlist.php b/includes/specials/SpecialWatchlist.php
index 51086bb1..fd562be4 100644
--- a/includes/specials/SpecialWatchlist.php
+++ b/includes/specials/SpecialWatchlist.php
@@ -43,7 +43,7 @@ class SpecialWatchlist extends SpecialPage {
 		// Add feed links
 		$wlToken = $user->getOption( 'watchlisttoken' );
 		if ( !$wlToken ) {
-			$wlToken = sha1( mt_rand() . microtime( true ) );
+			$wlToken = MWCryptRand::generateHex( 40 );
 			$user->setOption( 'watchlisttoken', $wlToken );
 			$user->saveSettings();
 		}
diff --git a/includes/specials/SpecialWhatlinkshere.php b/includes/specials/SpecialWhatlinkshere.php
index 5cdaad6a..f7d7bfef 100644
--- a/includes/specials/SpecialWhatlinkshere.php
+++ b/includes/specials/SpecialWhatlinkshere.php
@@ -50,6 +50,7 @@ class SpecialWhatLinksHere extends SpecialPage {
 		$out = $this->getOutput();
 		
 		$this->setHeaders();
+		$this->outputHeader();
 
 		$opts = new FormOptions();
 
-- 
cgit v1.2.3-54-g00ecf