search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge "docs: Fix typo"
[mediawiki.git] / includes / specialpage / FormSpecialPage.php
blob8605ce8f0ba8587c82a647c41538faffd767ab1f
1 <?php
2 /**
3 * Special page which uses an HTMLForm to handle processing.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup SpecialPage
22 */
23
24 namespace MediaWiki\SpecialPage;
25
26 use MediaWiki\Context\DerivativeContext;
27 use MediaWiki\Debug\MWDebug;
28 use MediaWiki\HTMLForm\HTMLForm;
29 use MediaWiki\Request\DerivativeRequest;
30 use MediaWiki\Status\Status;
31 use MediaWiki\User\User;
32 use UserBlockedError;
33
34 /**
35 * Special page which uses an HTMLForm to handle processing. This is mostly a
36 * clone of FormAction. More special pages should be built this way; maybe this could be
37 * a new structure for SpecialPages.
38 *
39 * @ingroup SpecialPage
40 */
41 abstract class FormSpecialPage extends SpecialPage {
42 /**
43 * The subpage of the special page.
44 * @var string|null
45 */
46 protected $par = null;
47
48 /**
49 * @var array|null POST data preserved across re-authentication
50 * @since 1.32
51 */
52 protected $reauthPostData = null;
53
54 /**
55 * Get an HTMLForm descriptor array
56 * @return array
57 */
58 abstract protected function getFormFields();
59
60 /**
61 * Add pre-HTML to the form
62 * @return string HTML which will be sent to $form->addPreHtml()
63 * @since 1.38
64 */
65 protected function preHtml() {
66 return '';
67 }
68
69 /**
70 * Add post-HTML to the form
71 * @return string HTML which will be sent to $form->addPostHtml()
72 * @since 1.38
73 */
74 protected function postHtml() {
75 return '';
76 }
77
78 /**
79 * Add pre-text to the form
80 * @return string HTML which will be sent to $form->addPreHtml()
81 * @deprecated since 1.38, use preHtml() instead, hard-deprecated since 1.43
82 */
83 protected function preText() {
84 wfDeprecated( __METHOD__, '1.38' );
85 return $this->preHtml();
86 }
87
88 /**
89 * Add post-text to the form
90 * @return string HTML which will be sent to $form->addPostHtml()
91 * @deprecated since 1.38, use postHtml() instead, hard-deprecated since 1.43
92 */
93 protected function postText() {
94 wfDeprecated( __METHOD__, '1.38' );
95 return $this->postHtml();
96 }
97
98 /**
99 * Play with the HTMLForm if you need to more substantially
100 */
101 protected function alterForm( HTMLForm $form ) {
102 }
103
104 /**
105 * Get message prefix for HTMLForm
106 *
107 * @since 1.21
108 * @return string
109 */
110 protected function getMessagePrefix() {
111 return strtolower( $this->getName() );
112 }
113
114 /**
115 * Get display format for the form. See HTMLForm documentation for available values.
116 *
117 * @since 1.25
118 * @return string
119 */
120 protected function getDisplayFormat() {
121 return 'table';
122 }
123
124 /**
125 * Get the HTMLForm to control behavior
126 * @return HTMLForm|null
127 */
128 protected function getForm() {
129 $context = $this->getContext();
130 $onSubmit = [ $this, 'onSubmit' ];
131
132 if ( $this->reauthPostData ) {
133 // Restore POST data
134 $context = new DerivativeContext( $context );
135 $oldRequest = $this->getRequest();
136 $context->setRequest( new DerivativeRequest(
137 $oldRequest, $this->reauthPostData + $oldRequest->getQueryValues(), true
138 ) );
139
140 // But don't treat it as a "real" submission just in case of some
141 // crazy kind of CSRF.
142 $onSubmit = static function () {
143 return false;
144 };
145 }
146
147 $form = HTMLForm::factory(
148 $this->getDisplayFormat(),
149 $this->getFormFields(),
150 $context,
151 $this->getMessagePrefix()
152 );
153 if ( !$this->requiresPost() ) {
154 $form->setMethod( 'get' );
155 }
156 $form->setSubmitCallback( $onSubmit );
157 if ( $this->getDisplayFormat() !== 'ooui' ) {
158 // No legend and wrapper by default in OOUI forms, but can be set manually
159 // from alterForm()
160 $form->setWrapperLegendMsg( $this->getMessagePrefix() . '-legend' );
161 }
162
163 $headerMsg = $this->msg( $this->getMessagePrefix() . '-text' );
164 if ( !$headerMsg->isDisabled() ) {
165 $form->addHeaderHtml( $headerMsg->parseAsBlock() );
166 }
167
168 // preText / postText are deprecated, but we need to keep calling them until the end of
169 // the deprecation process so a subclass overriding *Text and *Html both work
170 $form->addPreHtml( MWDebug::detectDeprecatedOverride( $this, __CLASS__, 'preText', '1.38' )
171 ? $this->preText()
172 : $this->preHtml()
173 );
174 $form->addPostHtml( MWDebug::detectDeprecatedOverride( $this, __CLASS__, 'postText', '1.38' )
175 ? $this->postText()
176 : $this->postHtml()
177 );
178
179 // Give precedence to subpage syntax
180 $field = $this->getSubpageField();
181 // cast to string so that "0" is not thrown away
182 if ( strval( $this->par ) !== '' && $field ) {
183 $this->getRequest()->setVal( $form->getField( $field )->getName(), $this->par );
184 $form->setTitle( $this->getPageTitle() );
185 }
186 $this->alterForm( $form );
187 if ( $form->getMethod() == 'post' ) {
188 // Retain query parameters (uselang etc) on POST requests
189 $params = array_diff_key(
190 $this->getRequest()->getQueryValues(), [ 'title' => null ] );
191 $form->addHiddenField( 'redirectparams', wfArrayToCgi( $params ) );
192 }
193
194 // Give hooks a chance to alter the form, adding extra fields or text etc
195 $this->getHookRunner()->onSpecialPageBeforeFormDisplay( $this->getName(), $form );
196
197 return $form;
198 }
199
200 /**
201 * Process the form on submission.
202 * @phpcs:disable MediaWiki.Commenting.FunctionComment.ExtraParamComment
203 * @param array $data
204 * @param HTMLForm|null $form
205 * @suppress PhanCommentParamWithoutRealParam Many implementations don't have $form
206 * @return bool|string|array|Status As documented for HTMLForm::trySubmit.
207 * @phpcs:enable MediaWiki.Commenting.FunctionComment.ExtraParamComment
208 */
209 abstract public function onSubmit( array $data /* HTMLForm $form = null */ );
210
211 /**
212 * Do something exciting on successful processing of the form, most likely to show a
213 * confirmation message
214 * @since 1.22 Default is to do nothing
215 */
216 public function onSuccess() {
217 }
218
219 /**
220 * Basic SpecialPage workflow: get a form, send it to the user; get some data back,
221 *
222 * @param string|null $par Subpage string if one was specified
223 */
224 public function execute( $par ) {
225 $this->setParameter( $par );
226 $this->setHeaders();
227 $this->outputHeader();
228
229 // This will throw exceptions if there's a problem
230 $this->checkExecutePermissions( $this->getUser() );
231
232 $securityLevel = $this->getLoginSecurityLevel();
233 if ( $securityLevel !== false && !$this->checkLoginSecurityLevel( $securityLevel ) ) {
234 return;
235 }
236
237 $form = $this->getForm();
238 // GET forms can be set as includable
239 if ( !$this->including() ) {
240 $result = $this->getShowAlways() ? $form->showAlways() : $form->show();
241 } else {
242 $result = $form->prepareForm()->tryAuthorizedSubmit();
243 }
244 if ( $result === true || ( $result instanceof Status && $result->isGood() ) ) {
245 $this->onSuccess();
246 }
247 }
248
249 /**
250 * Whether the form should always be shown despite the success of submission.
251 * @since 1.40
252 * @return bool
253 */
254 protected function getShowAlways() {
255 return false;
256 }
257
258 /**
259 * Maybe do something interesting with the subpage parameter
260 * @param string|null $par
261 */
262 protected function setParameter( $par ) {
263 $this->par = $par;
264 }
265
266 /**
267 * Override this function to set the field name used in the subpage syntax.
268 * @since 1.40
269 * @return false|string
270 */
271 protected function getSubpageField() {
272 return false;
273 }
274
275 /**
276 * Called from execute() to check if the given user can perform this action.
277 * Failures here must throw subclasses of ErrorPageError.
278 * @param User $user
279 * @throws UserBlockedError
280 */
281 protected function checkExecutePermissions( User $user ) {
282 $this->checkPermissions();
283
284 if ( $this->requiresUnblock() ) {
285 $block = $user->getBlock();
286 if ( $block && $block->isSitewide() ) {
287 throw new UserBlockedError(
288 $block,
289 $user,
290 $this->getLanguage(),
291 $this->getRequest()->getIP()
292 );
293 }
294 }
295
296 if ( $this->requiresWrite() ) {
297 $this->checkReadOnly();
298 }
299 }
300
301 /**
302 * Whether this action should using POST method to submit, default to true
303 * @since 1.40
304 * @return bool
305 */
306 public function requiresPost() {
307 return true;
308 }
309
310 /**
311 * Whether this action requires the wiki not to be locked, default to requiresPost()
312 * @return bool
313 */
314 public function requiresWrite() {
315 return $this->requiresPost();
316 }
317
318 /**
319 * Whether this action cannot be executed by a blocked user, default to requiresPost()
320 * @return bool
321 */
322 public function requiresUnblock() {
323 return $this->requiresPost();
324 }
325
326 /**
327 * Preserve POST data across reauthentication
328 *
329 * @since 1.32
330 * @param array $data
331 */
332 protected function setReauthPostData( array $data ) {
333 $this->reauthPostData = $data;
334 }
335 }
336
337 /** @deprecated class alias since 1.41 */
338 class_alias( FormSpecialPage::class, 'FormSpecialPage' );
MediaWiki Core