Merge "Language: s/error_log/wfWarn/"
[lhc/web/wiklou.git] / includes / specials / SpecialSearch.php
index 71cd9ba..3407476 100644 (file)
@@ -96,6 +96,16 @@ class SpecialSearch extends SpecialPage {
                $search = str_replace( "\n", " ", $request->getText( 'search', $titleParam ) );
 
                $this->load();
+               if ( !is_null( $request->getVal( 'nsRemember' ) ) ) {
+                       $this->saveNamespaces();
+                       // Remove the token from the URL to prevent the user from inadvertently
+                       // exposing it (e.g. by pasting it into a public wiki page) or undoing
+                       // later settings changes (e.g. by reloading the page).
+                       $query = $request->getValues();
+                       unset( $query['title'], $query['nsRemember'] );
+                       $out->redirect( $this->getPageTitle()->getFullURL( $query ) );
+                       return;
+               }
 
                $this->searchEngineType = $request->getVal( 'srbackend' );
 
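Review bot: The edit token is still sent in the query string of the first request whenever `nsRemember` is set (the form method is outside this hunk, but the redirect only makes sense for GET), so it can be recorded in web-server or proxy access logs and in browser history before the redirect strips it. The redirect covers pasting and reloading, as the comment says, but the comment should also state the residual exposure, e.g. `// Note: the token was already sent in this request's URL and may appear in access logs; it is salted with 'searchnamespace'.` The value comes from the checkbox `value` attribute set in the last hunk (`Xml::checkLabel( ... )`), so the same point applies there. The enclosing method starts and ends outside the hunk, so whether `$out` is assigned before this point cannot be confirmed from here.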
@@ -209,7 +219,6 @@ class SpecialSearch extends SpecialPage {
                $search = $this->getSearchEngine();
                $search->setLimitOffset( $this->limit, $this->offset );
                $search->setNamespaces( $this->namespaces );
-               $this->saveNamespaces();
                $search->prefix = $this->mPrefix;
                $term = $search->transformSearchTerm( $term );
 
@@ -358,10 +367,8 @@ class SpecialSearch extends SpecialPage {
                                        $this->limit + $this->offset >= $totalRes
                                );
                        }
-                       wfRunHooks( 'SpecialSearchResults', array( $term, &$titleMatches, &$textMatches ) );
-               } else {
-                       wfRunHooks( 'SpecialSearchNoResults', array( $term ) );
                }
+               wfRunHooks( 'SpecialSearchResults', array( $term, &$titleMatches, &$textMatches ) );
 
                $out->parserOptions()->setEditSection( false );
                if ( $titleMatches ) {
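Review bot: `SpecialSearchResults` now runs on every path, including the one that previously fired `SpecialSearchNoResults`, so existing handlers may be called with `$titleMatches` and `$textMatches` empty or unset, and handlers registered for `SpecialSearchNoResults` are no longer invoked from this code. The `if` that the preceding brace closes starts outside the hunk, so the exact no-results state is not visible. I would add a comment above the call such as `// Also runs when there are no results; $titleMatches/$textMatches may be null.` and mention the removed hook in the release notes.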
@@ -516,9 +523,8 @@ class SpecialSearch extends SpecialPage {
                $request = $this->getRequest();
 
                if ( $user->isLoggedIn() &&
-                       !is_null( $request->getVal( 'nsRemember' ) ) &&
                        $user->matchEditToken(
-                               $request->getVal( 'nsToken' ),
+                               $request->getVal( 'nsRemember' ),
                                'searchnamespace',
                                $request
                        )
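Review bot: With the explicit `nsRemember` null check removed, this condition relies on `matchEditToken()` rejecting a missing or stale value, and a rejected token is dropped silently while the caller in the first hunk still redirects and strips `nsRemember`. A user whose session has expired therefore gets no indication that the namespaces were not saved. A comment on the condition would make the dependency explicit, e.g. `// nsRemember carries the edit token itself; a missing or stale value fails the check and nothing is saved.` The method body continues outside the hunk, so any return value or logging further down is not visible.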
@@ -528,7 +534,7 @@ class SpecialSearch extends SpecialPage {
                        foreach ( MWNamespace::getValidNamespaces() as $n ) {
                                $user->setOption( 'searchNs' . $n, false );
                        }
-                       // The request parameters include all the namespaces we just searched.
+                       // The request parameters include all the namespaces to be searched.
                        // Even if they're the same as an existing profile, they're not eaten.
                        foreach ( $this->namespaces as $n ) {
                                $user->setOption( 'searchNs' . $n, true );
@@ -932,18 +938,17 @@ class SpecialSearch extends SpecialPage {
                $remember = '';
                $user = $this->getUser();
                if ( $user->isLoggedIn() ) {
-                       $remember .= Html::hidden(
-                               'nsToken',
-                               $user->getEditToken(
-                                       'searchnamespace',
-                                       $this->getRequest()
-                               )
-                       ) .
-                       Xml::checkLabel(
+                       $remember .= Xml::checkLabel(
                                wfMessage( 'powersearch-remember' )->text(),
                                'nsRemember',
                                'mw-search-powersearch-remember',
-                               false
+                               false,
+                               // The token goes here rather than in a hidden field so it
+                               // is only sent when necessary (not every form submission).
+                               array( 'value' => $user->getEditToken(
+                                       'searchnamespace',
+                                       $this->getRequest()
+                               ) )
                        );
                }