Author: nickpj
Description:
Currently an external site can POST data to MediaWiki to get a preview of a page
with modified wiki text.
However, currently you cannot perform a "Show Changes" on the exact same edit
without having the user's edit token. It would be nice to allow this, since
"Show Changes" is:
a) More efficient - up to a factor of 20 from
http://mail.wikipedia.org/pipermail/wikitech-l/2006-July/037315.html
b) More appropriate in some situations (such as an external tool which is
proposing possible cleanups or improvements to an article, and wants to clearly
highlight what's about to change).
The relevant function is EditPage::importFormData() from includes/EditPage.php ,
which also includes this text:
- Page might be a hack attempt posted from
- an external site. Preview instead of saving. -------------------------------
... it might also be a non-malicious show changes attempt posted from an
external site, which wants to show changes instead of saving :-) In which case
an "else if ($this->diff)" clause or similar could be useful for when the token
is not valid, but only a show changes was requested.
Version: 1.8.x
Severity: normal