diff options
| author | Pierre Schmitz <pierre@archlinux.de> | 2010-07-28 11:52:48 +0200 |
|---|---|---|
| committer | Pierre Schmitz <pierre@archlinux.de> | 2010-07-28 11:52:48 +0200 |
| commit | 222b01f5169f1c7e69762e0e8904c24f78f71882 (patch) | |
| tree | 8e932e12546bb991357ec48eb1638d1770be7a35 /includes/specials/SpecialUserlogout.php | |
| parent | 00ab76a6b686e98a914afc1975812d2b1aaa7016 (diff) | |
update to MediaWiki 1.16.0
Diffstat (limited to 'includes/specials/SpecialUserlogout.php')
| -rw-r--r-- | includes/specials/SpecialUserlogout.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/includes/specials/SpecialUserlogout.php b/includes/specials/SpecialUserlogout.php index 3d497bd7..e23df612 100644 --- a/includes/specials/SpecialUserlogout.php +++ b/includes/specials/SpecialUserlogout.php @@ -10,6 +10,16 @@ function wfSpecialUserlogout() { global $wgUser, $wgOut; + /** + * Some satellite ISPs use broken precaching schemes that log people out straight after + * they're logged in (bug 17790). Luckily, there's a way to detect such requests. + */ + if ( isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], '&' ) !== false ) { + wfDebug( "Special:Userlogout request {$_SERVER['REQUEST_URI']} looks suspicious, denying.\n" ); + wfHttpError( 400, wfMsg( 'loginerror' ), wfMsg( 'suspicious-userlogout' ) ); + return; + } + $oldName = $wgUser->getName(); $wgUser->logout(); $wgOut->setRobotPolicy( 'noindex,nofollow' ); |