dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
More robust existence/sanity checking
[lhc/web/wiklou.git] / includes / FileDeleteForm.php
1 <?php
2
3 /**
4 * File deletion user interface
5 *
6 * @addtogroup Media
7 * @author Rob Church <robchur@gmail.com>
8 */
9 class FileDeleteForm {
10
11 private $title = null;
12 private $file = null;
13
14 private $oldfile = null;
15 private $oldimage = '';
16
17 /**
18 * Constructor
19 *
20 * @param File $file File we're deleting
21 */
22 public function __construct( $file ) {
23 $this->title = $file->getTitle();
24 $this->file = $file;
25 }
26
27 /**
28 * Fulfil the request; shows the form or deletes the file,
29 * pending authentication, confirmation, etc.
30 */
31 public function execute() {
32 global $wgOut, $wgRequest, $wgUser, $wgLang, $wgServer;
33 $this->setHeaders();
34
35 if( wfReadOnly() ) {
36 $wgOut->readOnlyPage();
37 return;
38 } elseif( !$wgUser->isLoggedIn() ) {
39 $wgOut->showErrorPage( 'uploadnologin', 'uploadnologintext' );
40 return;
41 } elseif( !$wgUser->isAllowed( 'delete' ) ) {
42 $wgOut->permissionError( 'delete' );
43 return;
44 } elseif( $wgUser->isBlocked() ) {
45 $wgOut->blockedPage();
46 return;
47 }
48
49 $this->oldimage = $wgRequest->getText( 'oldimage', false );
50 $token = $wgRequest->getText( 'wpEditToken' );
51 if( $this->oldimage && !$this->isValidOldSpec() ) {
52 $wgOut->showUnexpectedValueError( 'oldimage', htmlspecialchars( $this->oldimage ) );
53 return;
54 }
55 if( $this->oldimage )
56 $this->oldfile = RepoGroup::singleton()->getLocalRepo()->newFromArchiveName( $this->title, $this->oldimage );
57
58 if( !$this->haveDeletableFile() ) {
59 $wgOut->addHtml( $this->prepareMessage( 'filedelete-nofile' ) );
60 $wgOut->addReturnTo( $this->title );
61 return;
62 }
63
64 // Perform the deletion if appropriate
65 if( $wgRequest->wasPosted() && $wgUser->matchEditToken( $token, $this->oldimage ) ) {
66 $comment = $wgRequest->getText( 'wpComment' );
67 if( $this->oldimage ) {
68 $status = $this->file->deleteOld( $this->oldimage, $comment );
69 if( $status->ok ) {
70 // Need to do a log item
71 $log = new LogPage( 'delete' );
72 $log->addEntry( 'delete', $this->title, wfMsg( 'deletedrevision' , $this->oldimage ) );
73 }
74 } else {
75 $status = $this->file->delete( $comment );
76 if( $status->ok ) {
77 // Need to delete the associated article
78 $article = new Article( $this->title );
79 $article->doDeleteArticle( $comment );
80 }
81 }
82 if( !$status->isGood() )
83 $wgOut->addWikiText( $status->getWikiText( 'filedeleteerror-short', 'filedeleteerror-long' ) );
84 if( $status->ok ) {
85 $wgOut->addHtml( $this->prepareMessage( 'filedelete-success' ) );
86 // Return to the main page if we just deleted all versions of the
87 // file, otherwise go back to the description page
88 $wgOut->addReturnTo( $this->oldimage ? $this->title : Title::newMainPage() );
89 }
90 return;
91 }
92
93 // Show the form
94 $this->showForm();
95 }
96
97 /**
98 * Show the confirmation form
99 */
100 private function showForm() {
101 global $wgOut, $wgUser;
102
103 $form = Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->getAction() ) );
104 $form .= Xml::hidden( 'wpEditToken', $wgUser->editToken( $this->oldimage ) );
105 $form .= '<fieldset><legend>' . wfMsgHtml( 'filedelete-legend' ) . '</legend>';
106 $form .= $this->prepareMessage( 'filedelete-intro' );
107
108 $form .= '<p>' . Xml::inputLabel( wfMsg( 'filedelete-comment' ), 'wpComment', 'wpComment', 60 ) . '</p>';
109 $form .= '<p>' . Xml::submitButton( wfMsg( 'filedelete-submit' ) ) . '</p>';
110 $form .= '</fieldset>';
111 $form .= '</form>';
112
113 $wgOut->addHtml( $form );
114 }
115
116 /**
117 * Prepare a message referring to the file being deleted,
118 * showing an appropriate message depending upon whether
119 * it's a current file or an old version
120 *
121 * @param string $message Message base
122 * @return string
123 */
124 private function prepareMessage( $message ) {
125 global $wgLang, $wgServer;
126 if( $this->oldimage ) {
127 return wfMsgExt(
128 "{$message}-old",
129 'parse',
130 $this->title->getText(),
131 $wgLang->date( $this->getTimestamp(), true ),
132 $wgLang->time( $this->getTimestamp(), true ),
133 $wgServer . $this->file->getArchiveUrl( $this->oldimage )
134 );
135 } else {
136 return wfMsgExt(
137 $message,
138 'parse',
139 $this->title->getText()
140 );
141 }
142 }
143
144 /**
145 * Set headers, titles and other bits
146 */
147 private function setHeaders() {
148 global $wgOut;
149 $wgOut->setPageTitle( wfMsg( 'filedelete', $this->title->getText() ) );
150 $wgOut->setRobotPolicy( 'noindex,nofollow' );
151 }
152
153 /**
154 * Is the provided `oldimage` value valid?
155 *
156 * @return bool
157 */
158 private function isValidOldSpec() {
159 return strlen( $this->oldimage ) >= 16
160 && strpos( $this->oldimage, '/' ) === false
161 && strpos( $this->oldimage, '\\' ) === false;
162 }
163
164 /**
165 * Could we delete the file specified? If an `oldimage`
166 * value was provided, does it correspond to an
167 * existing, local, old version of this file?
168 *
169 * @return bool
170 */
171 private function haveDeletableFile() {
172 return $this->oldimage
173 ? $this->oldfile && $this->oldfile->exists() && $this->oldfile->isLocal()
174 : $this->file && $this->file->exists() && $this->file->isLocal();
175 }
176
177 /**
178 * Prepare the form action
179 *
180 * @return string
181 */
182 private function getAction() {
183 $q = array();
184 $q[] = 'action=delete';
185 if( $this->oldimage )
186 $q[] = 'oldimage=' . urlencode( $this->oldimage );
187 return $this->title->getLocalUrl( implode( '&', $q ) );
188 }
189
190 /**
191 * Extract the timestamp of the old version
192 *
193 * @return string
194 */
195 private function getTimestamp() {
196 return $this->oldfile->getTimestamp();
197 }
198
199 }
Wiklou, le Wiki du Wiklou