X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FSpecialLockdb.php;h=bc07b041a47dc723e432473e0151f7ce6eaf2b86;hb=df3b5efda09d9c6ffc01968e96919ad5ff47903f;hp=db07f458228f3997d0c2375e5be840148d3f40b3;hpb=74886b186c9012cc590a68d8321dc95d5572b9d6;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/SpecialLockdb.php b/includes/SpecialLockdb.php
index db07f45822..bc07b041a4 100644
--- a/includes/SpecialLockdb.php
+++ b/includes/SpecialLockdb.php
@@ -19,9 +19,14 @@ function wfSpecialLockdb()
 $action = $wgRequest->getVal( 'action' );
 $f = new DBLockForm();
- if ( "success" == $action ) { $f->showSuccess(); }
- else if ( "submit" == $action && $wgRequest->wasPosted() ) { $f->doSubmit(); }
- else { $f->showForm( "" ); }
+ if ( "success" == $action ) {
+ $f->showSuccess();
+ } else if ( "submit" == $action && $wgRequest->wasPosted() &&
+ $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
+ $f->doSubmit();
+ } else {
+ $f->showForm( "" );
+ }
 }
 /**
@@ -53,6 +58,7 @@ class DBLockForm {
 $elr = htmlspecialchars( wfMsg( "enterlockreason" ) );
 $titleObj = Title::makeTitle( NS_SPECIAL, "Lockdb" );
 $action = $titleObj->escapeLocalURL( "action=submit" );
+ $token = htmlspecialchars( $wgUser->editToken() );
 $wgOut->addHTML( <<
@@ -72,6 +78,7 @@ class DBLockForm {
+ END );
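Review bot: A POST whose `wpEditToken` fails `matchEditToken()` falls into the final `else` and re-renders the form with an empty error string, so an expired session looks like a first visit and a rejected cross-site submission is not distinguishable from one. Handle that case explicitly with a branch placed before the final `else`, for example `} else if ( "submit" == $action && $wgRequest->wasPosted() ) { $f->showForm( wfMsg( 'sessionfailure' ) ); }`, provided that message key exists in this tree. The new condition also reads `$wgUser`, and the function's `global` line is above the hunk, so confirm `$wgUser` is declared there.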
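Review bot: `$wgUser` must be in scope in `showForm()` for the new `$wgUser->editToken()` call, and the method's `global` declaration lies above this hunk; if it is not listed there, the call fails on an undefined variable, so confirm it or extend the list. The heredoc markup is not legible on this page, so also check that the hidden field added in the last hunk is named `wpEditToken`, the name `wfSpecialLockdb()` reads, and that it emits the already-escaped `$token` rather than a second, unescaped `editToken()` call. A one-line comment above the assignment, such as `// CSRF token; verified in wfSpecialLockdb() before doSubmit()`, would tie the form side to the check.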