tweak some comments (schema blah blah)
[lhc/web/wiklou.git] / includes / SpecialPreferences.php
index d47ad5c..bfbe8f4 100644 (file)
@@ -8,7 +8,7 @@
 if( !defined( 'MEDIAWIKI' ) )
        die();
 
-/* to get a list of languages in setting user's language preference */
+/** to get a list of languages in setting user's language preference */
 require_once('languages/Names.php');
 
 /**
@@ -39,7 +39,7 @@ class PreferencesForm {
         * Load some values
         */
        function PreferencesForm( &$request ) { 
-               global $wgLang, $wgContLang, $wgAllowRealName;
+               global $wgLang, $wgContLang, $wgUser, $wgAllowRealName;
                
                $this->mQuickbar = $request->getVal( 'wpQuickbar' );
                $this->mOldpass = $request->getVal( 'wpOldpass' );
@@ -67,7 +67,9 @@ class PreferencesForm {
                $this->mAction = $request->getVal( 'action' );
                $this->mReset = $request->getCheck( 'wpReset' );
                $this->mPosted = $request->wasPosted();
-               $this->mSaveprefs = $request->getCheck( 'wpSaveprefs' ) && $this->mPosted;
+               $this->mSaveprefs = $request->getCheck( 'wpSaveprefs' ) &&
+                       $this->mPosted &&
+                       $wgUser->matchEditToken( $request->getVal( 'wpEditToken' ) );
 
                # User toggles  (the big ugly unsorted list of checkboxes)
                $this->mToggles = array();
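Review bot: A post whose wpEditToken is missing or stale is silently downgraded to a non-save by the new `&& $wgUser->matchEditToken(...)` clause, so the user gets the form back with no indication that nothing was stored; consider keeping the token result in its own flag (e.g. `$this->mTokenOk`) so execute() can report the failure instead of quietly re-rendering. A why-comment on the assignment would also help the next reader: `# Only honour the save on a POST that carries a valid edit token (CSRF guard)`. `getVal` may return null when the field is absent; whether matchEditToken accepts that is not visible here. The enclosing constructor begins and ends outside this hunk.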
@@ -91,12 +93,17 @@ class PreferencesForm {
                                }
                        }
                }
+
+               # Validate language
+               if ( !preg_match( '/^[a-z\-]*$/', $this->mUserLanguage ) ) {
+                       $this->mUserLanguage = 'nolanguage';
+               }
        }
 
        function execute() {
                global $wgUser, $wgOut, $wgUseDynamicDates;
                
-               if ( 0 == $wgUser->getID() ) {
+               if ( $wgUser->isAnon() ) {
                        $wgOut->errorpage( 'prefsnologin', 'prefsnologintext' );
                        return;
                }
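Review bot: The language check on the new `preg_match( '/^[a-z\-]*$/', ... )` line lets a value ending in a newline through, because a bare `$` also matches just before a trailing "\n"; use `'/^[a-z\-]*$/D'` (or end the pattern with `\z`) so the whole value must be lowercase letters and hyphens. The pattern also accepts the empty string, which may be intended as "no preference" but deserves a comment such as `# '' means no preference; anything else must be a plain language code`. mUserLanguage is assigned outside this hunk, so whether it can be null (getVal default) is not visible. The constructor this sits in starts outside the hunk.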
@@ -167,7 +174,8 @@ class PreferencesForm {
        function savePreferences() {
                global $wgUser, $wgLang, $wgOut;
                global $wgEnableUserEmail, $wgEnableEmail;
-               global $wgEmailAuthentication;
+               global $wgEmailAuthentication, $wgMinimalPasswordLength;
+;
 
                if ( '' != $this->mNewpass ) {
                        if ( $this->mNewpass != $this->mRetypePass ) {
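Review bot: The added line consisting only of `;` after the `global` declaration is a stray empty statement and should be dropped. The new `$wgMinimalPasswordLength` global itself is what the length check further down in savePreferences relies on, so that part is fine. savePreferences continues beyond this hunk.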
@@ -175,6 +183,11 @@ class PreferencesForm {
                                return;
                        }
 
+                       if ( strlen( $this->mNewpass ) < $wgMinimalPasswordLength ) {
+                               $this->mainPrefsForm( wfMsg( 'passwordtooshort', $wgMinimalPasswordLength ) );
+                               return;
+                       }
+
                        if (!$wgUser->checkPassword( $this->mOldpass )) {
                                $this->mainPrefsForm( wfMsg( 'wrongpassword' ) );
                                return;
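Review bot: `strlen( $this->mNewpass )` counts bytes, so a multibyte password with fewer than `$wgMinimalPasswordLength` characters can still pass the check (each non-ASCII character counts as two or more bytes); if the minimum is meant in characters, `mb_strlen( $this->mNewpass )` is the right measure where the mbstring extension is available. Bytes are the more lenient reading, so this is a policy question rather than a crash, but a comment stating which one is intended would settle it: `# minimum length is measured in bytes`. The enclosing savePreferences body continues outside the hunk.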
@@ -478,7 +491,7 @@ class PreferencesForm {
                
                $fancysig = $this->getToggle( 'fancysig' );
                $wgOut->addHTML("
-               <div><label>$ynn: <input type='text' name=\"wpNick\" value=\"{$this->mNick}\" size='12' /></label></div>
+               <div><label>$ynn: <input type='text' name=\"wpNick\" value=\"{$this->mNick}\" size='25' /></label></div>
                <div>$fancysig<br /></div>
                <div><label>$yl: <select name=\"wpUserLanguage\">\n");
 
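Review bot: The rewritten `<input ... value=\"{$this->mNick}\" ...>` line still interpolates `$this->mNick` straight into an HTML attribute; unless it is already escaped where it is assigned (not visible here), a nickname containing `"` or `<` breaks the attribute and lets markup into the preferences page. Emitting it as `htmlspecialchars( $this->mNick )` at this point is cheap and matches how the edit token is handled later in the same form. This is pre-existing rather than introduced by the size change.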
@@ -675,6 +688,7 @@ class PreferencesForm {
                }
                $wgOut->addHTML( "</fieldset>\n\n" );
 
+               $token = htmlspecialchars( $wgUser->editToken() );
                $wgOut->addHTML( "
        <div id='prefsubmit'>
        <div>
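Review bot: The new `$token = htmlspecialchars( $wgUser->editToken() );` line depends on `$wgUser` being declared `global` in this method, and the hunk shows no such declaration; if the method's global line (outside the hunk) does not list it, this is a method call on null. Worth confirming, and a why-comment would tie the two halves together: `# CSRF token; matched against wpEditToken in the constructor before a save is honoured`. The enclosing method starts outside the hunk.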
@@ -685,6 +699,7 @@ class PreferencesForm {
        
        </div>
        
+       <input type='hidden' name='wpEditToken' value=\"{$token}\" />
        </form>\n" );
        }
 }