http://www.mediawiki.org/wiki/Special:Code/MediaWiki/70440
Revision: 70440 Author: kaldari Date: 2010-08-04 00:05:48 +0000 (Wed, 04 Aug 2010) Log Message: ----------- Fix for form issues Modified Paths: -------------- trunk/extensions/CentralNotice/SpecialCentralNotice.php trunk/extensions/CentralNotice/SpecialNoticeTemplate.php Modified: trunk/extensions/CentralNotice/SpecialCentralNotice.php =================================================================== --- trunk/extensions/CentralNotice/SpecialCentralNotice.php 2010-08-03 23:37:45 UTC (rev 70439) +++ trunk/extensions/CentralNotice/SpecialCentralNotice.php 2010-08-04 00:05:48 UTC (rev 70440) @@ -42,8 +42,8 @@ $method = $wgRequest->getVal( 'method' ); // Handle form sumissions - if ( $this->editable && $wgRequest->wasPosted() ) { - + if ( $this->editable && $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) { + // Handle removing $toRemove = $wgRequest->getArray( 'removeNotices' ); if ( isset( $toRemove ) ) { 
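Review bot: A POST whose `authtoken` is missing or stale now falls through this condition with no feedback, so an administrator whose session has expired sees the page reload as if the change had simply been ignored. An explicit failure branch at the end of this block (which closes outside the hunk) would make the rejection visible, for example `} elseif ( $this->editable && $wgRequest->wasPosted() ) { $wgOut->addHTML( Xml::element( 'div', array( 'class' => 'cn-error' ), wfMsg( 'sessionfailure' ) ) ); }`. The same silent drop applies to the token checks added at @@ -604 in this file and @@ -39 in SpecialNoticeTemplate.php. The enclosing function starts outside the hunk, so confirm that `$wgUser` is in its `global` list.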
@@ -185,28 +185,26 @@ // Handle adding of notice $this->showAll = $wgRequest->getVal( 'showAll' ); - if ( $this->editable && $method == 'addNotice' ) { + if ( $this->editable && $method == 'addNotice' && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) { $noticeName = $wgRequest->getVal( 'noticeName' ); $start = $wgRequest->getArray( 'start' ); $project_name = $wgRequest->getVal( 'project_name' ); $project_languages = $wgRequest->getArray( 'project_languages' ); if ( $noticeName == '' ) { - //$wgOut->addWikiMsg ( 'centralnotice-null-string' ); $wgOut->addHTML( Xml::element( 'div', array( 'class' => 'cn-error' ), wfMsg( 'centralnotice-null-string' ) ) ); - } - else { + } else { $this->addNotice( $noticeName, '0', $start, $project_name, $project_languages ); } } // Handle removing of notice - if ( $this->editable && $method == 'removeNotice' ) { + if ( $this->editable && $method == 'removeNotice' && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) { $noticeName = $wgRequest->getVal ( 'noticeName' ); $this->removeNotice ( $noticeName ); } // Handle adding of template - if ( $this->editable && $method == 'addTemplateTo' ) { + if ( $this->editable && $method == 'addTemplateTo' && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) { $noticeName = $wgRequest->getVal( 'noticeName' ); $templateName = $wgRequest->getVal( 'templateName' ); $templateWeight = $wgRequest->getVal ( 'weight' ); @@ -217,7 +215,7 @@ } // Handle removing of template - if ( $this->editable && $method == 'removeTemplateFor' ) { + if ( $this->editable && $method == 'removeTemplateFor' && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) { $noticeName = $wgRequest->getVal ( 'noticeName' ); $templateName = $wgRequest->getVal ( 'templateName ' ); $this->removeTemplateFor( $noticeName , $templateName ); 
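Review bot: None of the four `$method` branches in this hunk and the next (`addNotice`, `removeNotice`, `addTemplateTo`, `removeTemplateFor`) requires `$wgRequest->wasPosted()`, and `getVal( 'authtoken' )` accepts the token from the query string as well as from the POST body. Unless an enclosing check outside the hunk already restricts these branches to POST, a state change can be carried by a GET URL, which puts the edit token into server logs, browser history and Referer headers. Adding `&& $wgRequest->wasPosted()` to each condition keeps the token in the request body; the `clone` branch added at @@ -85 of SpecialNoticeTemplate.php has the same shape. The repeated `$wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) )` would also read better hoisted into one local such as `$tokenOk` ahead of the branches.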
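Review bot: The context line `$wgRequest->getVal ( 'templateName ' )` in the `removeTemplateFor` branch has a trailing space inside the parameter name, so it looks up a request key the form is unlikely to send and `removeTemplateFor()` would receive null for the template. Since this commit already touches the branch, the lookup should read `$templateName = $wgRequest->getVal( 'templateName' );`, matching the `addTemplateTo` branch above. The branch's closing brace is outside the hunk.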
@@ -520,6 +518,7 @@ $htmlOut .= $this->tableRow( $fields ); } $htmlOut .= Xml::closeElement( 'table' ); + $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() ); if ( $this->editable ) { $htmlOut .= Xml::openElement( 'div', array( 'class' => 'cn-buttons' ) ); $htmlOut .= Xml::submitButton( wfMsg( 'centralnotice-modify' ), @@ -585,6 +584,7 @@ $htmlOut .= Xml::closeElement( 'tr' ); $htmlOut .= Xml::closeElement( 'table' ); $htmlOut .= Xml::hidden( 'change', 'weight' ); + $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() ); // Submit button $htmlOut .= Xml::tags( 'div', @@ -604,7 +604,8 @@ function listNoticeDetail( $notice ) { global $wgOut, $wgRequest, $wgUser; - if ( $wgRequest->wasPosted() ) { + if ( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) { + // Handle removing of templates $templateToRemove = $wgRequest->getArray( 'removeTemplates' ); if ( isset( $templateToRemove ) ) { @@ -688,6 +689,8 @@ } } if ( $this->editable ) { + $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() ); + // Submit button $htmlOut .= Xml::tags( 'div', array( 'class' => 'cn-buttons' ), Modified: trunk/extensions/CentralNotice/SpecialNoticeTemplate.php =================================================================== --- trunk/extensions/CentralNotice/SpecialNoticeTemplate.php 2010-08-03 23:37:45 UTC (rev 70439) +++ trunk/extensions/CentralNotice/SpecialNoticeTemplate.php 2010-08-04 00:05:48 UTC (rev 70440) @@ -39,7 +39,7 @@ // Begin Banners tab content $wgOut->addHTML( Xml::openElement( 'div', array( 'id' => 'preferences' ) ) ); - if ( $this->editable ) { + if ( $this->editable && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) { // Handle forms if ( $wgRequest->wasPosted() ) { 
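Review bot: The `authtoken` hidden field is appended before the `if ( $this->editable )` check here, so it is rendered for read-only viewers as well, whereas the hunk at @@ -688 adds it inside that check. Moving `$htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() );` to just after `if ( $this->editable ) {` keeps the token out of pages that have no submit button; the unconditional inserts at @@ -403 and @@ -774 of SpecialNoticeTemplate.php have the same placement. This hunk and @@ -585 also use `$wgUser` without showing the function's `global` statement, so check that it is declared there the way this commit does for `showAdd()` and `getEndBody()`.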
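Review bot: `listNoticeDetail()` now requires a valid edit token before it processes the POST, but unlike the handler at @@ -42 its condition does not include `$this->editable`. An edit token shows that the request came from the user's own session, not that the user is allowed to change notices, so unless every caller already gates on `editable` (not visible here) the condition should be `if ( $this->editable && $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) {`. The function body continues past the end of the hunk.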
@@ -85,42 +85,39 @@ } } - switch ( $sub ) { - - // Handle viewing or editing a specific banner - case 'view': - if ( $wgRequest->getVal( 'wpUserLanguage' ) == 'all' ) { - // Handle viewing a banner in all languages - $template = $wgRequest->getVal( 'template' ); - $this->showViewAvailable( $template ); - } elseif ( $wgRequest->getText( 'template' ) != '' ) { - $this->showView(); - } - break; - - // Handle adding a banner - case 'add': - if ( $this->editable ) { - $this->showAdd(); - } - break; - - // Handle cloning a banner - case 'clone': - if ( $this->editable ) { - $oldTemplate = $wgRequest->getVal( 'oldTemplate' ); - $newTemplate = $wgRequest->getVal( 'newTemplate' ); - // We use the returned name in case any special characters had to be removed - $template = $this->cloneTemplate( $oldTemplate, $newTemplate ); - $wgOut->redirect( SpecialPage::getTitleFor( 'NoticeTemplate', 'view' )->getLocalUrl( "template=$template" ) ); - } - break; - - // Show list of banners by default - default: - $this->showList(); - + // Handle viewing of a template in all languages + if ( $sub == 'view' && $wgRequest->getVal( 'wpUserLanguage' ) == 'all' ) { + $template = $wgRequest->getVal( 'template' ); + $this->showViewAvailable( $template ); + return; } + + // Handle viewing a specific template + if ( $sub == 'view' && $wgRequest->getText( 'template' ) != '' ) { + $this->showView(); + return; + } + + if ( $this->editable ) { + // Handle "Add a banner" link + if ( $sub == 'add' ) { + $this->showAdd(); + return; + } + + // Handle cloning a specific template + if ( $sub == 'clone' && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) { + $oldTemplate = $wgRequest->getVal( 'oldTemplate' ); + $newTemplate = $wgRequest->getVal( 'newTemplate' ); + // We use the returned name in case any special characters had to be removed + $template = $this->cloneTemplate( $oldTemplate, $newTemplate ); + $wgOut->redirect( SpecialPage::getTitleFor( 'NoticeTemplate', 'view' )->getLocalUrl( 
"template=$template" ) ); + return; + } + } + + // Show list by default + $this->showList(); // End Banners tab content $wgOut->addHTML( Xml::closeElement( 'div' ) ); @@ -175,7 +172,7 @@ } function showAdd() { - global $wgOut; + global $wgOut, $wgUser; // Build HTML $htmlOut = ''; @@ -194,6 +191,7 @@ $htmlOut .= Xml::tags( 'p', null, Xml::textarea( 'templateBody', '', 60, 20 ) ); + $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() ); // Submit button $htmlOut .= Xml::tags( 'div', @@ -337,7 +335,7 @@ $htmlOut .= Xml::closeElement( 'tr' ); } if ( $this->editable ) { - $htmlOut .= Xml::hidden( 'token', $token ); + $htmlOut .= Xml::hidden( 'authtoken', $token ); $htmlOut .= Xml::hidden( 'wpUserLanguage', $wpUserLang ); $htmlOut .= Xml::openElement( 'tr' ); $htmlOut .= Xml::tags( 'td', array( 'colspan' => 4 ), @@ -347,6 +345,7 @@ } $htmlOut .= Xml::closeElement( 'table' ); + $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() ); $htmlOut .= Xml::closeElement( 'fieldset' ); if ( $this->editable ) { @@ -375,6 +374,7 @@ Xml::tags( 'td', null, $sk->makeLinkObj( $newPage, wfMsgHtml( 'centralnotice-preview-all-template-translations' ), "template=$currentTemplate&wpUserLanguage=all" ) ) ); $htmlOut .= Xml::closeElement( 'table' ); + $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() ); $htmlOut .= Xml::closeElement( 'fieldset' ); $htmlOut .= Xml::closeElement( 'form' ); } @@ -403,6 +403,7 @@ ); } $htmlOut .= Xml::closeElement( 'table' ); + $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() ); $htmlOut .= Xml::closeElement( 'fieldset' ); if ( $this->editable ) { $htmlOut .= Xml::closeElement( 'form' ); @@ -428,6 +429,7 @@ $htmlOut .= Xml::closeElement( 'tr' ); $htmlOut .= Xml::closeElement( 'table' ); + $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() ); $htmlOut .= Xml::closeElement( 'fieldset' ); $htmlOut .= Xml::closeElement( 'form' ); } 
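Review bot: Each early `return;` in the rewritten dispatch leaves the function before the `// End Banners tab content` line, so the view and add paths no longer emit the `Xml::closeElement( 'div' )` that the old `switch` reached after every `break`. The `<div id="preferences">` opened at @@ -39 is therefore left unclosed on those pages. Either emit `$wgOut->addHTML( Xml::closeElement( 'div' ) );` before each `return;`, or write the branches as one `if`/`elseif` chain ending in `else { $this->showList(); }` so the closing tag still runs once. The function starts and ends outside the hunk.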
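Review bot: Renaming this field to `authtoken` while the next hunk (@@ -347) appends a second `Xml::hidden( 'authtoken', $wgUser->editToken() )` right after the table closes leaves what appears to be one form with two inputs of the same name. PHP keeps the last value for a repeated name, so the field written here would be ignored, and if `$token` (assigned outside the hunk) is produced differently from `$wgUser->editToken()` the two values could disagree. Keeping a single field, emitted inside the `if ( $this->editable )` block, avoids the ambiguity.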
@@ -539,7 +541,7 @@ global $wgOut; if ( $body == '' || $name == '' ) { - $wgOut->addWikiMsg( 'centralnotice-null-string' ); + $wgOut->addHTML( Xml::element( 'div', array( 'class' => 'cn-error' ), wfMsg( 'centralnotice-null-string' ) ) ); return; } @@ -555,7 +557,7 @@ ); if ( $dbr->numRows( $res ) > 0 ) { - $wgOut->addWikiMsg( 'centralnotice-template-exists' ); + $wgOut->addHTML( Xml::element( 'div', array( 'class' => 'cn-error' ), wfMsg( 'centralnotice-template-exists' ) ) ); return false; } else { $dbw = wfGetDB( DB_MASTER ); @@ -582,7 +584,7 @@ global $wgOut; if ( $body == '' || $name == '' ) { - $wgOut->addWikiMsg( 'centralnotice-null-string' ); + $wgOut->addHTML( Xml::element( 'div', array( 'class' => 'cn-error' ), wfMsg( 'centralnotice-null-string' ) ) ); return; } @@ -765,6 +767,7 @@ } function getEndBody() { + global $wgUser; $htmlOut = ''; if ( $this->editable ) { $htmlOut .= Xml::tags( 'tr', null, @@ -774,6 +777,7 @@ ); } $htmlOut .= Xml::closeElement( 'table' ); + $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() ); return $htmlOut; } } _______________________________________________ MediaWiki-CVS mailing list MediaWiki-CVS@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
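Review bot: The empty-input error paths at @@ -539 and @@ -582 end in a bare `return;` while the duplicate-name path at @@ -555 ends in `return false;`, so a caller that tests the result strictly sees two different failure values. Now that all three paths render the same `cn-error` div, they could signal failure the same way, with `return false;` after the `centralnotice-null-string` message. The enclosing functions start outside these hunks, so their intended return contract is not visible here.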