X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/mediawiki.git/blobdiff_plain/8989532d3de45b196373107c7a812a68ac0ff2d9..d75ce11339b35963b5f8c3d53190819c1c025716:/includes/specials/SpecialUserlogout.php

diff --git a/includes/specials/SpecialUserlogout.php b/includes/specials/SpecialUserlogout.php
index 3d497bd7..e23df612 100644
--- a/includes/specials/SpecialUserlogout.php
+++ b/includes/specials/SpecialUserlogout.php
@@ -10,6 +10,16 @@
 function wfSpecialUserlogout() {
 	global $wgUser, $wgOut;
 
+	/**
+	 * Some satellite ISPs use broken precaching schemes that log people out straight after
+	 * they're logged in (bug 17790). Luckily, there's a way to detect such requests.
+	 */
+	if ( isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], '&' ) !== false ) {
+		wfDebug( "Special:Userlogout request {$_SERVER['REQUEST_URI']} looks suspicious, denying.\n" );
+		wfHttpError( 400, wfMsg( 'loginerror' ), wfMsg( 'suspicious-userlogout' ) );
+		return;
+	}
+	
 	$oldName = $wgUser->getName();
 	$wgUser->logout();
 	$wgOut->setRobotPolicy( 'noindex,nofollow' );