*/
class HTMLForm extends ContextSource {
- # A mapping of 'type' inputs onto standard HTMLFormField subclasses
+ // A mapping of 'type' inputs onto standard HTMLFormField subclasses
static $typeMappings = array(
'text' => 'HTMLTextField',
'textarea' => 'HTMLTextAreaField',
'hidden' => 'HTMLHiddenField',
'edittools' => 'HTMLEditTools',
- # HTMLTextField will output the correct type="" attribute automagically.
- # There are about four zillion other HTML5 input types, like url, but
- # we don't use those at the moment, so no point in adding all of them.
+ // HTMLTextField will output the correct type="" attribute automagically.
+ // There are about four zillion other HTML5 input types, like url, but
+ // we don't use those at the moment, so no point in adding all of them.
'email' => 'HTMLTextField',
'password' => 'HTMLTextField',
);
protected $mTitle;
protected $mMethod = 'post';
+ /**
+ * Form action URL. false means we will use the URL to set Title
+ * @since 1.19
+ * @var bool|string
+ */
+ protected $mAction = false;
+
protected $mUseMultipart = false;
protected $mHiddenFields = array();
protected $mButtons = array();
* @return Status|boolean
*/
function tryAuthorizedSubmit() {
- $editToken = $this->getRequest()->getVal( 'wpEditToken' );
-
$result = false;
- if ( $this->getMethod() != 'post' || $this->getUser()->matchEditToken( $editToken ) ) {
+
+ $submit = false;
+ if ( $this->getMethod() != 'post' ) {
+ $submit = true; // no session check needed
+ } elseif ( $this->getRequest()->wasPosted() ) {
+ $editToken = $this->getRequest()->getVal( 'wpEditToken' );
+ if ( $this->getUser()->isLoggedIn() || $editToken != null ) {
+ // Session tokens for logged-out users have no security value.
+ // However, if the user gave one, check it in order to give a nice
+ // "session expired" error instead of "permission denied" or such.
+ $submit = $this->getUser()->matchEditToken( $editToken );
+ } else {
+ $submit = true;
+ }
+ }
+
+ if ( $submit ) {
$result = $this->trySubmit();
}
+
return $result;
}
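Review bot: The final `else { $submit = true; }` lets any logged-out POST that carries no `wpEditToken` reach `trySubmit()` with no origin check, so the safety of this path rests entirely on what each form's submit callback does for anonymous visitors. The inline comment's reasoning holds if the anonymous token carries no secret, but a form that changes session-bound state for a logged-out visitor would lose its only CSRF check here; whether any such form is built on this class cannot be confirmed from the hunk. The loose `$editToken != null` also treats an empty `wpEditToken` the same as a missing one, which looks intended but is not stated. I would record both on the method docblock, which starts outside this hunk, e.g. `Logged-out POSTs are submitted without a token check unless a non-empty wpEditToken is supplied; forms that act on anonymous session state must verify the request themselves.`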
/**
* Add header text, inside the form.
* @param $msg String complete text of message to display
- * @param $section The section to add the header to
+ * @param $section string The section to add the header to
*/
function addHeaderText( $msg, $section = null ) {
if ( is_null( $section ) ) {
: 'application/x-www-form-urlencoded';
# Attributes
$attribs = array(
- 'action' => $this->getTitle()->getFullURL(),
+ 'action' => $this->mAction === false ? $this->getTitle()->getFullURL() : $this->mAction,
'method' => $this->mMethod,
'class' => 'visualClear',
'enctype' => $encType,
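Review bot: Any value other than `false` in `$this->mAction` becomes the form target at the `'action' =>` line, and `setAction()` (added further down in this commit) stores its argument unchecked. As a result `true`, `null` or an empty string flow into the attribute, and an off-site URL would receive the posted fields, presumably including `wpEditToken`. Whether any caller passes a request-derived value is not visible here. I would state the contract on the `setAction()` docblock, e.g. `@param string|bool $action Trusted URL chosen by the caller (never request input), or false to use the title URL`, and consider rejecting values that are neither a string nor `false` in the setter.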
public function getLegend( $key ) {
return wfMsg( "{$this->mMessagePrefix}-$key" );
}
+
+ /**
+ * Set the value for the action attribute of the form.
+ * When set to false (which is the default state), the set title is used.
+ *
+ * @since 1.19
+ *
+ * @param string|bool $action
+ */
+ public function setAction( $action ) {
+ $this->mAction = $action;
+ }
+
}
/**
/**
* flatten an array of options to a single array, for instance,
* a set of <options> inside <optgroups>.
- * @param $options Associative Array with values either Strings
+ * @param $options array Associative Array with values either Strings
* or Arrays
* @return Array flattened input
*/