X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FImagePage.php;h=d0285e8960aea5a8c3ff1e47eb70d412f0e4310b;hb=cd724523d697bdbaa2c86d222f81ff660d05d51e;hp=21dd58c2650793c739beae7062f7174daf240351;hpb=2104f62734f5f16f9f6d78e9782db2375c0805ad;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/ImagePage.php b/includes/ImagePage.php
index 21dd58c265..d0285e8960 100644
--- a/includes/ImagePage.php
+++ b/includes/ImagePage.php
@@ -21,7 +21,7 @@ class ImagePage extends Article {
// available in doDelete etc.
function view() {
- if ( Namespace::getImage() == $this->mTitle->getNamespace() ) {
+ if( $this->mTitle->getNamespace() == NS_IMAGE ) {
$this->openShowImage();
}
@@ -31,7 +31,7 @@ class ImagePage extends Article {
# follow it with the history list and link list for the image
# it describes.
- if ( Namespace::getImage() == $this->mTitle->getNamespace() ) {
+ if( $this->mTitle->getNamespace() == NS_IMAGE ) {
$this->closeShowImage();
$this->imageHistory();
$this->imageLinks();
@@ -97,7 +97,7 @@ class ImagePage extends Article {
$url = $full_url;
}
$anchoropen = "";
- $anchorclose = "
{$msg}";
+ $anchorclose = "
\n$anchoropen{$msg}";
} else {
$url = $full_url;
}
@@ -187,7 +187,7 @@ class ImagePage extends Article {
{
global $wgUser, $wgOut, $wgRequest;
- $confirm = $wgRequest->getBool( 'wpConfirm' );
+ $confirm = $wgRequest->getBool( 'wpConfirmB' );
$image = $wgRequest->getVal( 'image' );
$oldimage = $wgRequest->getVal( 'oldimage' );
@@ -212,7 +212,11 @@ class ImagePage extends Article {
# Deleting old images doesn't require confirmation
if ( !is_null( $oldimage ) || $confirm ) {
- $this->doDelete();
+ if( $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ), $oldimage ) ) {
+ $this->doDelete();
+ } else {
+ $wgOut->fatalError( wfMsg( 'sessionfailure' ) );
+ }
return;
}
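Review bot: The token failure is reported here with `$wgOut->fatalError( wfMsg( 'sessionfailure' ) )`, while the same failure in revert() later in this commit uses `$wgOut->errorpage( 'internalerror', 'sessionfailure' )`; one form should be used for both so a failed session check looks the same to the user. When the current image is deleted through the confirm path, `$oldimage` is null, so the token is matched against a null salt. The confirmation form is not in this hunk and has to emit a token generated the same way; a comment such as `# salt is the archive name for old revisions, null for the current image` would record that dependency. The enclosing delete() body starts and ends outside the hunk.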
@@ -233,12 +237,19 @@ class ImagePage extends Article {
$fname = 'ImagePage::doDelete';
$reason = $wgRequest->getVal( 'wpReason' );
- $image = $wgRequest->getVal( 'image' );
$oldimage = $wgRequest->getVal( 'oldimage' );
$dbw =& wfGetDB( DB_MASTER );
if ( !is_null( $oldimage ) ) {
+ if ( strlen( $oldimage ) < 16 ) {
+ $wgOut->unexpectedValueError( 'oldimage', htmlspecialchars($oldimage) );
+ return;
+ }
+ if ( strstr( $oldimage, "/" ) || strstr( $oldimage, "\\" ) ) {
+ $wgOut->unexpectedValueError( 'oldimage', htmlspecialchars($oldimage) );
+ return;
+ }
# Squid purging
if ( $wgUseSquid ) {
$urlArr = Array(
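Review bot: Nothing in the added validation ties `$oldimage` to the page being acted on: the checks bound its length and reject path separators, but the row is then removed by `oi_archive_name` alone. revert() derives the file name as `substr( $oldimage, 15 )`, so a guard here comparing `substr( $oldimage, 15 )` with `$this->mTitle->getDBkey()` and calling `unexpectedValueError` on a mismatch would keep the page-level permission check and the deleted file in agreement. The two identical error branches could also be folded into one condition. doDelete() continues outside the hunk, so an equivalent check may already exist in lines not shown.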
@@ -250,9 +261,7 @@ class ImagePage extends Article {
$dbw->delete( 'oldimage', array( 'oi_archive_name' => $oldimage ) );
$deleted = $oldimage;
} else {
- if ( is_null ( $image ) ) {
- $image = $this->mTitle->getDBkey();
- }
+ $image = $this->mTitle->getDBkey();
$dest = wfImageDir( $image );
$archive = wfImageDir( $image );
@@ -294,10 +303,13 @@ class ImagePage extends Article {
# Image itself is now gone, and database is cleaned.
# Now we remove the image description page.
- $nt = Title::newFromText( $wgContLang->getNsText( Namespace::getImage() ) . ":" . $image );
+ $nt = Title::makeTitleSafe( NS_IMAGE, $image );
$article = new Article( $nt );
$article->doDeleteArticle( $reason ); # ignore errors
+ /* refresh image metadata cache */
+ new Image( $image, true );
+
$deleted = $image;
}
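Review bot: `new Image( $image, true );` constructs an object only for its side effect and discards it, which reads like a leftover statement; the same pattern is added in revert() with `new Image( $name, true );`. The existing comment says what happens but not why the second argument is `true` or that the discarded instance is intentional. I would expand it to something like `/* constructing Image with the recache flag rewrites the cached metadata; the instance itself is not needed */`, hedged on what the second parameter actually means since the Image constructor is not part of this diff. A named helper or static method for the refresh would make the intent clearer still.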
@@ -305,9 +317,9 @@ class ImagePage extends Article {
$wgOut->setRobotpolicy( 'noindex,nofollow' );
$sk = $wgUser->getSkin();
- $loglink = $sk->makeKnownLink( $wgContLang->getNsText(
- Namespace::getWikipedia() ) .
- ':' . wfMsg( 'dellogpage' ), wfMsg( 'deletionlog' ) );
+ $loglink = $sk->makeKnownLinkObj(
+ Title::makeTitle( NS_SPECIAL, 'Delete/log' ),
+ wfMsg( 'deletionlog' ) );
$text = wfMsg( 'deletedtext', $deleted, $loglink );
@@ -342,7 +354,7 @@ class ImagePage extends Article {
function revert()
{
- global $wgOut, $wgRequest;
+ global $wgOut, $wgRequest, $wgUser;
global $wgUseSquid, $wgInternalServer, $wgDeferredUpdateList;
$oldimage = $wgRequest->getText( 'oldimage' );
@@ -359,10 +371,18 @@ class ImagePage extends Article {
$wgOut->readOnlyPage();
return;
}
+ if( $wgUser->isAnon() ) {
+ $wgOut->errorpage( 'uploadnologin', 'uploadnologintext' );
+ return;
+ }
if ( ! $this->mTitle->userCanEdit() ) {
$wgOut->sysopRequired();
return;
}
+ if( !$wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ), $oldimage ) ) {
+ $wgOut->errorpage( 'internalerror', 'sessionfailure' );
+ return;
+ }
$name = substr( $oldimage, 15 );
$dest = wfImageDir( $name );
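Review bot: `$oldimage` reaches `substr( $oldimage, 15 )` here without the length and path-separator checks this commit adds to doDelete(), and the value is later used to build a file path in `"${archive}/{$oldimage}"`. The new token check is salted with `$oldimage`, which narrows what can get this far, but that is an indirect control and should not be the only validation of a request value used in a filesystem path. Unless the lines between the hunks already do it, I would repeat the guard before the `substr` call: `if ( strlen( $oldimage ) < 16 || strstr( $oldimage, "/" ) || strstr( $oldimage, "\\" ) ) { $wgOut->unexpectedValueError( 'oldimage', htmlspecialchars( $oldimage ) ); return; }`. revert() starts and ends outside the hunk.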
@@ -387,6 +407,10 @@ class ImagePage extends Article {
$wgOut->fileCopyError( "${archive}/{$oldimage}", $curfile );
}
wfRecordUpload( $name, $oldver, $size, wfMsg( "reverted" ) );
+
+ /* refresh image metadata cache */
+ new Image( $name, true );
+
# Squid purging
if ( $wgUseSquid ) {
$urlArr = Array(
@@ -446,11 +470,13 @@ class ImageHistoryList {
} else {
$url = htmlspecialchars( wfImageArchiveUrl( $img ) );
if( $wgUser->getID() != 0 && $wgTitle->userCanEdit() ) {
+ $token = urlencode( $wgUser->editToken( $img ) );
$rlink = $this->skin->makeKnownLink( $wgTitle->getPrefixedText(),
wfMsg( 'revertimg' ), 'action=revert&oldimage=' .
- urlencode( $img ) );
+ urlencode( $img ) . "&wpEditToken=$token" );
$dlink = $this->skin->makeKnownLink( $wgTitle->getPrefixedText(),
- $del, 'action=delete&oldimage=' . urlencode( $img ) );
+ $del, 'action=delete&oldimage=' . urlencode( $img ) .
+ "&wpEditToken=$token" );
} else {
# Having live active links for non-logged in users
# means that bots and spiders crawling our site can
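Review bot: The edit token is placed in the query string of the revert and delete links (`"&wpEditToken=$token"`), so state-changing actions are still triggered by a plain GET and the token ends up in browser history, Referer headers and access or proxy logs. Salting it with `$img` limits a leaked token to that one archived revision, which is a reasonable mitigation, but it remains valid for as long as the session does. A small POST form per row would keep the token out of URLs; if the links are kept, a comment stating that the per-image salt is what bounds the exposure would help the next reader. The surrounding method starts and ends outside the hunk.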
@@ -462,8 +488,9 @@ class ImageHistoryList {
if ( 0 == $user ) {
$userlink = $usertext;
} else {
- $userlink = $this->skin->makeLink( $wgContLang->getNsText( Namespace::getUser() ) .
- ':'.$usertext, $usertext );
+ $userlink = $this->skin->makeLinkObj(
+ Title::makeTitle( NS_USER, $usertext ),
+ $usertext );
}
$nbytes = wfMsg( 'nbytes', $size );
$style = $this->skin->getInternalLinkAttributes( $url, $datetime );
@@ -471,10 +498,7 @@ class ImageHistoryList {
$s = "