<?php
/**
*
+ * @package MediaWiki
+ * @subpackage SpecialPage
*/
/**
global $wgUser, $wgOut, $wgRequest, $action, $wgOnlySysopMayMove;
# check rights. We don't want newbies to move pages to prevents possible attack
- if ( 0 == $wgUser->getID() or $wgUser->isBlocked() or ($wgOnlySysopMayMove and $wgUser->isNewbie())) {
+ if ( $wgUser->isAnon() or $wgUser->isBlocked() or ($wgOnlySysopMayMove and $wgUser->isNewbie())) {
$wgOut->errorpage( "movenologin", "movenologintext" );
return;
}
$f = new MovePageForm();
- if ( 'success' == $action ) { $f->showSuccess(); }
- else if ( 'submit' == $action && $wgRequest->wasPosted() ) { $f->doSubmit(); }
- else { $f->showForm( '' ); }
+ if ( 'success' == $action ) {
+ $f->showSuccess();
+ } else if ( 'submit' == $action && $wgRequest->wasPosted()
+ && $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
+ $f->doSubmit();
+ } else {
+ $f->showForm( '' );
+ }
}
/**
*
+ * @package MediaWiki
+ * @subpackage SpecialPage
*/
class MovePageForm {
var $oldTitle, $newTitle; # Text input
$wgOut->setPagetitle( wfMsg( 'movepage' ) );
- if ( empty( $this->oldTitle ) ) {
+ if ( $this->oldTitle == '' ) {
$wgOut->errorpage( 'notargettitle', 'notargettext' );
return;
}
-
- $encOldTitle = htmlspecialchars( $this->oldTitle );
- $encNewTitle = htmlspecialchars( $this->newTitle );
+
$ot = Title::newFromURL( $this->oldTitle );
$ott = $ot->getPrefixedText();
+
+ $encOldTitle = htmlspecialchars( $this->oldTitle );
+ if( $this->newTitle == '' ) {
+ # Show the current title as a default
+ # when the form is first opened.
+ $encNewTitle = $ott;
+ } else {
+ $encNewTitle = htmlspecialchars( $this->newTitle );
+ }
$wgOut->addWikiText( wfMsg( 'movepagetext' ) );
- if ( ! Namespace::isTalk( $ot->getNamespace() ) ) {
+ if ( !$ot->isTalkPage() ) {
$wgOut->addWikiText( wfMsg( 'movepagetalktext' ) );
}
$titleObj = Title::makeTitle( NS_SPECIAL, 'Movepage' );
$action = $titleObj->escapeLocalURL( 'action=submit' );
+ $token = htmlspecialchars( $wgUser->editToken() );
if ( $err != '' ) {
$wgOut->setSubtitle( wfMsg( 'formerror' ) );
</td>
</tr>" );
- if ( ! Namespace::isTalk( $ot->getNamespace() ) ) {
+ if ( ! $ot->isTalkPage() ) {
$wgOut->addHTML( "
<tr>
<td align='right'>
</td>
</tr>
</table>
+ <input type='hidden' name='wpEditToken' value=\"{$token}\" />
</form>\n" );
}
# Variables beginning with 'o' for old article 'n' for new article
# Attempt to move the article
-
$ot = Title::newFromText( $this->oldTitle );
$nt = Title::newFromText( $this->newTitle );
+ # don't allow moving to pages with # in
+ if ( !$nt || $nt->getFragment() != '' ) {
+ $this->showForm( wfMsg( "badtitletext" ) );
+ return;
+ }
+
$error = $ot->moveTo( $nt );
if ( $error !== true ) {
$this->showForm( wfMsg( $error ) );
return;
}
-
+
# Update counters if the article got moved into or out of NS_MAIN namespace
$ons = $ot->getNamespace();
$nns = $nt->getNamespace();
# (1) the checkbox says to,
# (2) the namespaces are not themselves talk namespaces, and of course
# (3) it exists.
-
if ( ( $wgRequest->getVal('wpMovetalk') == 1 ) &&
( ! Namespace::isTalk( $ons ) ) &&
( ! Namespace::isTalk( $nns ) ) ) {
}
# Give back result to user.
-
$titleObj = Title::makeTitle( NS_SPECIAL, 'Movepage' );
$success = $titleObj->getFullURL(
'action=success&oldtitle=' . wfUrlencode( $ot->getPrefixedText() ) .
}
function showSuccess() {
- global $wgOut, $wgUser, $wgRequest;
+ global $wgOut, $wgRequest, $wgRawHtml;
$wgOut->setPagetitle( wfMsg( 'movepage' ) );
$wgOut->setSubtitle( wfMsg( 'pagemovedsub' ) );
$talkmoved = $wgRequest->getVal('talkmoved');
$text = wfMsg( 'pagemovedtext', $oldtitle, $newtitle );
+
+ # Temporarily disable raw html wikitext option out of XSS paranoia
+ $marchingantofdoom = $wgRawHtml;
+ $wgRawHtml = false;
$wgOut->addWikiText( $text );
+ $wgRawHtml = $marchingantofdoom;
if ( $talkmoved == 1 ) {
$wgOut->addHTML( "\n<p>" . wfMsg( 'talkpagemoved' ) . "</p>\n" );
$wgOut->addHTML( "\n<p><strong>" . wfMsg( 'talkexists' ) . "</strong></p>\n" );
} else {
$ot = Title::newFromURL( $oldtitle );
- if ( ! Namespace::isTalk( $ot->getNamespace() ) ) {
+ if ( ! $ot->isTalkPage() ) {
$wgOut->addHTML( "\n<p>" . wfMsg( 'talkpagenotmoved', wfMsg( $talkmoved ) ) . "</p>\n" );
}
}
}
}
-?>
+?>
\ No newline at end of file
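Review bot: The new default branch in the move form assigns `$encNewTitle = $ott;` unescaped, while the else branch and `$encOldTitle` both go through htmlspecialchars(). The markup that consumes `$encNewTitle` is outside the visible lines, but the variable name and the sibling branch suggest it is interpolated into an HTML attribute, and a page title can contain quotes or `&`, so this should be `$encNewTitle = htmlspecialchars( $ott );`. In the same submit path that gains the fragment check, `$nt` is now tested for null but `$ot` is still passed straight to `$ot->moveTo( $nt )`. If Title::newFromText() can fail for the new title, it can presumably fail for the old one too, so the guard could read `if ( !$ot || !$nt || $nt->getFragment() != '' ) {`. The signatures of both functions and the form HTML are not shown, so confirm both points against the full file.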