From 330d92fa80ec3e20ed73de6062d3f2b1c3a077d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bartosz=20Dziewo=C5=84ski?= <matma.rex@gmail.com>
Date: Mon, 7 Nov 2016 20:10:21 +0100
Subject: [PATCH] SECURITY: SpecialWatchlist: Check CSRF token when using "Mark all pages
 visited"

Bug: T150044
Change-Id: I7f75cab4ceb4a2c320af210fad15956b70c29661
---
 includes/specials/SpecialWatchlist.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/includes/specials/SpecialWatchlist.php b/includes/specials/SpecialWatchlist.php
index 85ac2de..76a4d96 100644
--- a/includes/specials/SpecialWatchlist.php
+++ b/includes/specials/SpecialWatchlist.php
@@ -79,6 +79,7 @@ class SpecialWatchlist extends ChangesListSpecialPage {
 		if ( ( $config->get( 'EnotifWatchlist' ) || $config->get( 'ShowUpdatedMarker' ) )
 			&& $request->getVal( 'reset' )
 			&& $request->wasPosted()
+			&& $user->matchEditToken( $request->getVal( 'token' ) )
 		) {
 			$user->clearAllNotifications();
 			$output->redirect( $this->getPageTitle()->getFullURL( $opts->getChangedValues() ) );
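Review bot: When the posted token does not match, the new `matchEditToken` condition simply falls through and the watchlist renders as if nothing had been requested, so a user whose session expired gets no indication that "Mark all pages visited" was ignored. MediaWiki special pages usually report this with the `sessionfailure` message; one option is to split the token check out of the compound condition and, on mismatch, call `$output->addWikiMsg( 'sessionfailure' );` (or at minimum `wfDebug()` the failure) before continuing to render the page. The enclosing method starts and ends outside this hunk, and `$user` is presumably assigned earlier in it — worth confirming it is the same user object whose session issued the token. Note also that `$request->getVal( 'token' )` yields null when the field is absent, so the guard relies on `matchEditToken` rejecting a null value rather than treating it as a wildcard.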
@@ -606,6 +607,7 @@ class SpecialWatchlist extends ChangesListSpecialPage {
 				'id' => 'mw-watchlist-resetbutton' ] ) . "\n" .
 			Xml::submitButton( $this->msg( 'enotif_reset' )->text(),
 				[ 'name' => 'mw-watchlist-reset-submit' ] ) . "\n" .
+			Html::hidden( 'token', $user->getEditToken() ) . "\n" .
 			Html::hidden( 'reset', 'all' ) . "\n";
 			foreach ( $nondefaults as $key => $value ) {
 				$form .= Html::hidden( $key, $value ) . "\n";
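Review bot: The new hidden `token` input is added to a long concatenated form string with no comment explaining why it is there, which makes it easy for a future edit to drop it as apparent noise. Suggest `// CSRF token: execute() only honours the 'reset' POST when this matches the user's edit token` on the new line. The `foreach` over `$nondefaults` that follows emits further hidden inputs; if any of those keys were ever named `token` or `reset`, the later value would override this one on submission — presumably not possible here, but worth keeping in mind. The enclosing method starts and ends outside this hunk.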
-- 
2.1.4

