Second part of bug 4083: Special:Validation doesn't check wpEditToken
1 <?php
/**
 * @package MediaWiki
 * @subpackage SpecialPage
 */
8 /**
9 * Constructor
11 function wfSpecialLockdb() {
12 global $wgUser, $wgOut, $wgRequest;
14 if ( ! $wgUser->isAllowed('siteadmin') ) {
15 $wgOut->developerRequired();
16 return;
18 $action = $wgRequest->getVal( 'action' );
19 $f = new DBLockForm();
21 if ( 'success' == $action ) {
22 $f->showSuccess();
23 } else if ( 'submit' == $action && $wgRequest->wasPosted() &&
24 $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
25 $f->doSubmit();
26 } else {
27 $f->showForm( '' );
/**
 * @package MediaWiki
 * @subpackage SpecialPage
 */
36 class DBLockForm {
37 var $reason = '';
/**
 * Capture the submitted lock reason (wpLockReason) from the request.
 *
 * The value is kept raw: in this class it is only written to the lock file by
 * doSubmit() and is never interpolated back into the form markup, so no HTML
 * escaping is performed here.
 */
function DBLockForm() {
	global $wgRequest;
	$submittedReason = $wgRequest->getText( 'wpLockReason' );
	$this->reason = $submittedReason;
}
/**
 * Render the lock form, optionally preceded by an error message.
 *
 * @param string $err Error text shown above the form; '' for none. It is
 *        passed through htmlspecialchars() before being emitted.
 *
 * Every dynamic value placed into the markup is escaped first: the message
 * texts and the edit token via htmlspecialchars(), the form action via
 * Title::escapeLocalURL(). The hidden wpEditToken field is what
 * wfSpecialLockdb() validates with matchEditToken() before doSubmit() runs.
 */
function showForm( $err ) {
	global $wgOut, $wgUser;

	$wgOut->setPagetitle( wfMsg( 'lockdb' ) );
	$wgOut->addWikiText( wfMsg( 'lockdbtext' ) );

	if ( $err != '' ) {
		$wgOut->setSubtitle( wfMsg( 'formerror' ) );
		$wgOut->addHTML( '<p class="error">' . htmlspecialchars( $err ) . "</p>\n" );
	}

	// Pre-escape everything that lands inside the heredoc below.
	$confirmLabel = htmlspecialchars( wfMsg( 'lockconfirm' ) );
	$buttonLabel  = htmlspecialchars( wfMsg( 'lockbtn' ) );
	$reasonLabel  = htmlspecialchars( wfMsg( 'enterlockreason' ) );
	$lockdbTitle  = Title::makeTitle( NS_SPECIAL, 'Lockdb' );
	$formAction   = $lockdbTitle->escapeLocalURL( 'action=submit' );
	$editToken    = htmlspecialchars( $wgUser->editToken() );

	$wgOut->addHTML( <<<END
<form id="lockdb" method="post" action="{$formAction}">
{$reasonLabel}:
<textarea name="wpLockReason" rows="10" cols="60" wrap="virtual"></textarea>
<table border="0">
<tr>
<td align="right">
<input type="checkbox" name="wpLockConfirm" />
</td>
<td align="left">{$confirmLabel}</td>
</tr>
<tr>
<td>&nbsp;</td>
<td align="left">
<input type="submit" name="wpLock" value="{$buttonLabel}" />
</td>
</tr>
</table>
<input type="hidden" name="wpEditToken" value="{$editToken}" />
</form>
END
	);
}
/**
 * Write the lock reason, author name and timestamp to $wgReadOnlyFile and
 * redirect to the success view. (Presumably the rest of the wiki treats the
 * presence of that file as the read-only switch; that is not visible here.)
 *
 * Requires the wpLockConfirm checkbox to have been ticked; otherwise the form
 * is redisplayed with the 'locknoconfirm' error. This method does not verify
 * the edit token itself — wfSpecialLockdb() must already have confirmed the
 * request was POSTed with a matching wpEditToken before calling it. If the
 * file cannot be opened for writing, fileNotFoundError() is shown and nothing
 * is written.
 */
function doSubmit() {
	global $wgOut, $wgUser, $wgLang, $wgRequest;
	global $wgReadOnlyFile;

	if ( ! $wgRequest->getCheck( 'wpLockConfirm' ) ) {
		$this->showForm( wfMsg( 'locknoconfirm' ) );
		return;
	}

	$lockFile = fopen( $wgReadOnlyFile, 'w' );
	if ( $lockFile === false ) {
		$wgOut->fileNotFoundError( $wgReadOnlyFile );
		return;
	}

	// Reason first, then an attribution line; same bytes as two separate writes.
	$entry = $this->reason
		. "\n<p>(by " . $wgUser->getName() . " at "
		. $wgLang->timeanddate( wfTimestampNow() ) . ")\n";
	fwrite( $lockFile, $entry );
	fclose( $lockFile );

	$lockdbTitle = Title::makeTitle( NS_SPECIAL, 'Lockdb' );
	$wgOut->redirect( $lockdbTitle->getFullURL( 'action=success' ) );
}
109 function showSuccess() {
110 global $wgOut, $wgUser;
112 $wgOut->setPagetitle( wfMsg( 'lockdb' ) );
113 $wgOut->setSubtitle( wfMsg( 'lockdbsuccesssub' ) );
114 $wgOut->addWikiText( wfMsg( 'lockdbsuccesstext' ) );