// available in doDelete etc.
function view() {
- if ( Namespace::getImage() == $this->mTitle->getNamespace() ) {
+ if( $this->mTitle->getNamespace() == NS_IMAGE ) {
$this->openShowImage();
}
# follow it with the history list and link list for the image
# it describes.
- if ( Namespace::getImage() == $this->mTitle->getNamespace() ) {
+ if( $this->mTitle->getNamespace() == NS_IMAGE ) {
$this->closeShowImage();
$this->imageHistory();
$this->imageLinks();
$url = $full_url;
}
$anchoropen = "<a href=\"{$full_url}\">";
- $anchorclose = "<br />{$msg}</a>";
+ $anchorclose = "</a><br />\n$anchoropen{$msg}</a>";
} else {
$url = $full_url;
}
{
global $wgUser, $wgOut, $wgRequest;
- $confirm = $wgRequest->getBool( 'wpConfirm' );
+ $confirm = $wgRequest->getBool( 'wpConfirmB' );
$image = $wgRequest->getVal( 'image' );
$oldimage = $wgRequest->getVal( 'oldimage' );
# Deleting old images doesn't require confirmation
if ( !is_null( $oldimage ) || $confirm ) {
- $this->doDelete();
+ if( $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ), $oldimage ) ) {
+ $this->doDelete();
+ } else {
+ $wgOut->fatalError( wfMsg( 'sessionfailure' ) );
+ }
return;
}
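Review bot: The new `matchEditToken( ..., $oldimage )` check uses `$oldimage` as the salt on both paths, but on the `wpConfirmB` path `$oldimage` is null, so the confirmation form must issue its token with an empty salt for the check to pass. That form is outside this hunk, so I cannot confirm it does. A short comment above the check would make the contract explicit, e.g. `# salt: archive name when deleting an old version, empty when confirming deletion of the current image`. The failure branch here calls `fatalError( wfMsg( 'sessionfailure' ) )`, while revert() in the same commit uses `errorpage( 'internalerror', 'sessionfailure' )`; using one form for both would keep session-failure handling consistent. The function header is above the hunk.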
$fname = 'ImagePage::doDelete';
$reason = $wgRequest->getVal( 'wpReason' );
- $image = $wgRequest->getVal( 'image' );
$oldimage = $wgRequest->getVal( 'oldimage' );
$dbw =& wfGetDB( DB_MASTER );
if ( !is_null( $oldimage ) ) {
+ if ( strlen( $oldimage ) < 16 ) {
+ $wgOut->unexpectedValueError( 'oldimage', htmlspecialchars($oldimage) );
+ return;
+ }
+ if ( strstr( $oldimage, "/" ) || strstr( $oldimage, "\\" ) ) {
+ $wgOut->unexpectedValueError( 'oldimage', htmlspecialchars($oldimage) );
+ return;
+ }
# Squid purging
if ( $wgUseSquid ) {
$urlArr = Array(
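Review bot: The bound in `strlen( $oldimage ) < 16` is a bare magic number, and the two added blocks repeat the same error call. Judging from `substr( $oldimage, 15 )` in revert(), archive names carry a 15-character prefix, so a comment such as `# archive names are a 15-character prefix plus the file name; anything shorter cannot be valid` would explain it (confirm the prefix format before committing to that wording). The two checks can be merged into `if ( strlen( $oldimage ) < 16 || strpos( $oldimage, '/' ) !== false || strpos( $oldimage, '\\' ) !== false ) {`, which also tests containment explicitly rather than relying on the truthiness of `strstr()`'s return value. doDelete() starts before and continues after this hunk.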
$dbw->delete( 'oldimage', array( 'oi_archive_name' => $oldimage ) );
$deleted = $oldimage;
} else {
- if ( is_null ( $image ) ) {
- $image = $this->mTitle->getDBkey();
- }
+ $image = $this->mTitle->getDBkey();
$dest = wfImageDir( $image );
$archive = wfImageDir( $image );
# Image itself is now gone, and database is cleaned.
# Now we remove the image description page.
- $nt = Title::newFromText( $wgContLang->getNsText( Namespace::getImage() ) . ":" . $image );
+ $nt = Title::makeTitleSafe( NS_IMAGE, $image );
$article = new Article( $nt );
$article->doDeleteArticle( $reason ); # ignore errors
+ /* refresh image metadata cache */
+ new Image( $image, true );
+
$deleted = $image;
}
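Review bot: `new Image( $image, true );` constructs an object only for its side effect and discards it, and the meaning of the `true` argument is not visible here. The same pattern is added in revert() as `new Image( $name, true );`. The `/* refresh image metadata cache */` comment helps, but it should state that the constructor call itself performs the refresh and what the second argument selects, e.g. `# constructing Image with the second argument set re-reads the file metadata and overwrites the cached copy; the object itself is not needed` (wording to be confirmed against the Image constructor). If the class offers or could offer a named method for this, calling that would make the intent clearer than a bare `new`.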
$wgOut->setRobotpolicy( 'noindex,nofollow' );
$sk = $wgUser->getSkin();
- $loglink = $sk->makeKnownLink( $wgContLang->getNsText(
- Namespace::getWikipedia() ) .
- ':' . wfMsg( 'dellogpage' ), wfMsg( 'deletionlog' ) );
+ $loglink = $sk->makeKnownLinkObj(
+ Title::makeTitle( NS_SPECIAL, 'Delete/log' ),
+ wfMsg( 'deletionlog' ) );
$text = wfMsg( 'deletedtext', $deleted, $loglink );
function revert()
{
- global $wgOut, $wgRequest;
+ global $wgOut, $wgRequest, $wgUser;
global $wgUseSquid, $wgInternalServer, $wgDeferredUpdateList;
$oldimage = $wgRequest->getText( 'oldimage' );
$wgOut->readOnlyPage();
return;
}
- if( $wgUser->getId() == 0 ) {
+ if( $wgUser->isAnon() ) {
$wgOut->errorpage( 'uploadnologin', 'uploadnologintext' );
return;
}
$wgOut->sysopRequired();
return;
}
+ if( !$wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ), $oldimage ) ) {
+ $wgOut->errorpage( 'internalerror', 'sessionfailure' );
+ return;
+ }
$name = substr( $oldimage, 15 );
$dest = wfImageDir( $name );
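Review bot: revert() still derives `$name` from `substr( $oldimage, 15 )` straight after the new token check, and `$oldimage` later goes into the path `"${archive}/{$oldimage}"`, without the length and path-separator checks this commit adds to doDelete(). The token is salted with `$oldimage`, which narrows what a forged request can supply, but a filesystem path should not depend on that alone, and a value shorter than 15 characters makes `substr()` return an unusable name. No such validation is visible in the lines shown; if it sits between hunks, disregard this. Otherwise add the same guard before the `substr()` call: `if ( strlen( $oldimage ) < 16 || strstr( $oldimage, "/" ) || strstr( $oldimage, "\\" ) ) {`, `$wgOut->unexpectedValueError( 'oldimage', htmlspecialchars( $oldimage ) );`, `return; }`.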
$wgOut->fileCopyError( "${archive}/{$oldimage}", $curfile );
}
wfRecordUpload( $name, $oldver, $size, wfMsg( "reverted" ) );
+
+ /* refresh image metadata cache */
+ new Image( $name, true );
+
# Squid purging
if ( $wgUseSquid ) {
$urlArr = Array(
} else {
$url = htmlspecialchars( wfImageArchiveUrl( $img ) );
if( $wgUser->getID() != 0 && $wgTitle->userCanEdit() ) {
+ $token = urlencode( $wgUser->editToken( $img ) );
$rlink = $this->skin->makeKnownLink( $wgTitle->getPrefixedText(),
wfMsg( 'revertimg' ), 'action=revert&oldimage=' .
- urlencode( $img ) );
+ urlencode( $img ) . "&wpEditToken=$token" );
$dlink = $this->skin->makeKnownLink( $wgTitle->getPrefixedText(),
- $del, 'action=delete&oldimage=' . urlencode( $img ) );
+ $del, 'action=delete&oldimage=' . urlencode( $img ) .
+ "&wpEditToken=$token" );
} else {
# Having live active links for non-logged in users
# means that bots and spiders crawling our site can
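Review bot: The revert and delete links now carry the edit token in the query string (`"&wpEditToken=$token"`), so both state-changing actions stay reachable by GET and the token lands in browser history, server and proxy logs, and possibly Referer headers. Salting the token with `$img` limits a leaked value to that one archive name, which is a reasonable mitigation. The sturdier design is for these links to open a small confirmation form that submits the token by POST, with the handlers rejecting non-POST requests. If the GET links are kept deliberately, a comment here should say so, e.g. `# token is per-archive-name (salted with $img); sent by GET so the history links stay one-click`.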
if ( 0 == $user ) {
$userlink = $usertext;
} else {
- $userlink = $this->skin->makeLink( $wgContLang->getNsText( Namespace::getUser() ) .
- ':'.$usertext, $usertext );
+ $userlink = $this->skin->makeLinkObj(
+ Title::makeTitle( NS_USER, $usertext ),
+ $usertext );
}
$nbytes = wfMsg( 'nbytes', $size );
$style = $this->skin->getInternalLinkAttributes( $url, $datetime );
$s = "<li> ({$dlink}) ({$rlink}) <a href=\"{$url}\"{$style}>{$datetime}</a>"
. " . . {$userlink} ({$nbytes})";
- if ( '' != $description && '*' != $description ) {
- $sk=$wgUser->getSkin();
- $s .= $wgContLang->emphasize(' (' . $sk->formatComment($description,$wgTitle) . ')');
- }
+ $s .= $this->skin->commentBlock( $description, $wgTitle );
$s .= "</li>\n";
return $s;
}