X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FSpecialUnlockdb.php;h=9184ab0360a4d41699a265f5f430e94ef7141d44;hb=9ea27c314149f1686b40cd63c9d026068efcd8a4;hp=33ac7a50e7ffc632e2c999134f86317a30389f5e;hpb=840dee3ad43a33d5b97b2e1dee64d5c04e255227;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/SpecialUnlockdb.php b/includes/SpecialUnlockdb.php
index 33ac7a50e7..9184ab0360 100644
--- a/includes/SpecialUnlockdb.php
+++ b/includes/SpecialUnlockdb.php
@@ -1,74 +1,99 @@
isDeveloper() ) {
+ if ( ! $wgUser->isAllowed('siteadmin') ) {
 $wgOut->developerRequired(); return; }
+ $action = $wgRequest->getVal( 'action' );
 $f = new DBUnlockForm();
- if ( "success" == $action ) { $f->showSuccess(); }
- else if ( "submit" == $action ) { $f->doSubmit(); }
- else { $f->showForm( "" ); }
+ if ( "success" == $action ) {
+ $f->showSuccess();
+ } else if ( "submit" == $action && $wgRequest->wasPosted() &&
+ $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
+ $f->doSubmit();
+ } else {
+ $f->showForm( "" );
+ }
 }
+/**
+ *
+ * @package MediaWiki
+ * @subpackage SpecialPage
+ */
 class DBUnlockForm {
-
 function showForm( $err ) { global $wgOut, $wgUser, $wgLang;
- global $wpLockConfirm;
 $wgOut->setPagetitle( wfMsg( "unlockdb" ) ); $wgOut->addWikiText( wfMsg( "unlockdbtext" ) ); if ( "" != $err ) { $wgOut->setSubtitle( wfMsg( "formerror" ) );
- $wgOut->addHTML( "

{$err}\n" );
+ $wgOut->addHTML( '

' . htmlspecialchars( $err ) . "

\n" );
 }
- $lc = wfMsg( "unlockconfirm" );
- $lb = wfMsg( "unlockbtn" );
+ $lc = htmlspecialchars( wfMsg( "unlockconfirm" ) );
+ $lb = htmlspecialchars( wfMsg( "unlockbtn" ) );
 $titleObj = Title::makeTitle( NS_SPECIAL, "Unlockdb" );
- $action = $titleObj->getURL( "action=submit", true );
+ $action = $titleObj->escapeLocalURL( "action=submit" );
+ $token = htmlspecialchars( $wgUser->editToken() );
+
+ $wgOut->addHTML( <<addHTML( "

-

- - - -
- -{$lc} -
  - -
-
\n" ); +
+ + + + + + + + + +
+ + {$lc}
  + +
+ +
+END +); } - function doSubmit() - { + function doSubmit() { global $wgOut, $wgUser, $wgLang; - global $wpLockConfirm, $wgReadOnlyFile; + global $wgRequest, $wgReadOnlyFile; + $wpLockConfirm = $wgRequest->getCheck( 'wpLockConfirm' ); if ( ! $wpLockConfirm ) { $this->showForm( wfMsg( "locknoconfirm" ) ); return; } - if ( ! unlink( $wgReadOnlyFile ) ) { + if ( @! unlink( $wgReadOnlyFile ) ) { $wgOut->fileDeleteError( $wgReadOnlyFile ); return; } $titleObj = Title::makeTitle( NS_SPECIAL, "Unlockdb" ); - $success = $titleObj->getURL( "action=success" ); + $success = $titleObj->getFullURL( "action=success" ); $wgOut->redirect( $success ); } - function showSuccess() - { + function showSuccess() { global $wgOut, $wgUser; global $ip;