global $wgUser, $wgOut, $wgRequest, $action, $wgOnlySysopMayMove;
# check rights. We don't want newbies to move pages to prevents possible attack
- if ( 0 == $wgUser->getID() or $wgUser->isBlocked() or ($wgOnlySysopMayMove and $wgUser->isNewbie())) {
+ if ( $wgUser->isAnon() or $wgUser->isBlocked() or ($wgOnlySysopMayMove and $wgUser->isNewbie())) {
$wgOut->errorpage( "movenologin", "movenologintext" );
return;
}
$f = new MovePageForm();
- if ( 'success' == $action ) { $f->showSuccess(); }
- else if ( 'submit' == $action && $wgRequest->wasPosted() ) { $f->doSubmit(); }
- else { $f->showForm( '' ); }
+ if ( 'success' == $action ) {
+ $f->showSuccess();
+ } else if ( 'submit' == $action && $wgRequest->wasPosted()
+ && $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
+ $f->doSubmit();
+ } else {
+ $f->showForm( '' );
+ }
}
/**
}
$wgOut->addWikiText( wfMsg( 'movepagetext' ) );
- if ( ! Namespace::isTalk( $ot->getNamespace() ) ) {
+ if ( !$ot->isTalkPage() ) {
$wgOut->addWikiText( wfMsg( 'movepagetalktext' ) );
}
$titleObj = Title::makeTitle( NS_SPECIAL, 'Movepage' );
$action = $titleObj->escapeLocalURL( 'action=submit' );
+ $token = htmlspecialchars( $wgUser->editToken() );
if ( $err != '' ) {
$wgOut->setSubtitle( wfMsg( 'formerror' ) );
</td>
</tr>" );
- if ( ! Namespace::isTalk( $ot->getNamespace() ) ) {
+ if ( ! $ot->isTalkPage() ) {
$wgOut->addHTML( "
<tr>
<td align='right'>
</td>
</tr>
</table>
+ <input type='hidden' name='wpEditToken' value=\"{$token}\" />
</form>\n" );
}
}
function showSuccess() {
- global $wgOut, $wgUser, $wgRequest, $wgRawHtml;
+ global $wgOut, $wgRequest, $wgRawHtml;
$wgOut->setPagetitle( wfMsg( 'movepage' ) );
$wgOut->setSubtitle( wfMsg( 'pagemovedsub' ) );
$wgOut->addHTML( "\n<p><strong>" . wfMsg( 'talkexists' ) . "</strong></p>\n" );
} else {
$ot = Title::newFromURL( $oldtitle );
- if ( ! Namespace::isTalk( $ot->getNamespace() ) ) {
+ if ( ! $ot->isTalkPage() ) {
$wgOut->addHTML( "\n<p>" . wfMsg( 'talkpagenotmoved', wfMsg( $talkmoved ) ) . "</p>\n" );
}
}
}
}
-?>
+?>
\ No newline at end of file