X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FProtectionForm.php;h=aa682bfa2aa8dda025fed208962f4463c0e7728e;hb=3205049d446abb53b217e7cf1af82a640f9e0480;hp=f333db5e11313631dbcc862a606047fbdc4ba4a9;hpb=1d95a6efa9a595460474bac537a554ecbedb341e;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/ProtectionForm.php b/includes/ProtectionForm.php index f333db5e11..aa682bfa2a 100644 --- a/includes/ProtectionForm.php +++ b/includes/ProtectionForm.php @@ -17,34 +17,49 @@ * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html - * - * @package MediaWiki - * @subpackage SpecialPage */ +/** + * @todo document, briefly. + */ class ProtectionForm { var $mRestrictions = array(); var $mReason = ''; var $mCascade = false; + var $mExpiry = null; + var $mPermErrors = array(); + var $mApplicableTypes = array(); - function ProtectionForm( &$article ) { + function __construct( &$article ) { global $wgRequest, $wgUser; global $wgRestrictionTypes, $wgRestrictionLevels; $this->mArticle =& $article; $this->mTitle =& $article->mTitle; + $this->mApplicableTypes = $this->mTitle->exists() ? $wgRestrictionTypes : array('create'); if( $this->mTitle ) { - foreach( $wgRestrictionTypes as $action ) { + $this->mTitle->loadRestrictions(); + + foreach( $this->mApplicableTypes as $action ) { // Fixme: this form currently requires individual selections, // but the db allows multiples separated by commas. $this->mRestrictions[$action] = implode( '', $this->mTitle->getRestrictions( $action ) ); } $this->mCascade = $this->mTitle->areRestrictionsCascading(); + + if ( $this->mTitle->mRestrictionsExpiry == 'infinity' ) { + $this->mExpiry = 'infinite'; + } else if ( strlen($this->mTitle->mRestrictionsExpiry) == 0 ) { + $this->mExpiry = ''; + } else { + // FIXME: this format is not user friendly + $this->mExpiry = wfTimestamp( TS_ISO_8601, $this->mTitle->mRestrictionsExpiry ); + } } // The form will be available in read-only to show levels. - $this->disabled = !$wgUser->isAllowed( 'protect' ) || wfReadOnly() || $wgUser->isBlocked(); + $this->disabled = wfReadOnly() || ($this->mPermErrors = $this->mTitle->getUserPermissionsErrors('protect',$wgUser)) != array(); $this->disabledAttrib = $this->disabled ? array( 'disabled' => 'disabled' ) : array(); @@ -52,50 +67,83 @@ class ProtectionForm { if( $wgRequest->wasPosted() ) { $this->mReason = $wgRequest->getText( 'mwProtect-reason' ); $this->mCascade = $wgRequest->getBool( 'mwProtect-cascade' ); - foreach( $wgRestrictionTypes as $action ) { + $this->mExpiry = $wgRequest->getText( 'mwProtect-expiry' ); + + foreach( $this->mApplicableTypes as $action ) { $val = $wgRequest->getVal( "mwProtect-level-$action" ); if( isset( $val ) && in_array( $val, $wgRestrictionLevels ) ) { + //prevent users from setting levels that they cannot later unset + if( $val == 'sysop' ) { + //special case, rewrite sysop to either protect and editprotected + if( !$wgUser->isAllowed('protect') && !$wgUser->isAllowed('editprotected') ) + continue; + } else { + if( !$wgUser->isAllowed($val) ) + continue; + } $this->mRestrictions[$action] = $val; } } } } - function show() { - global $wgOut; + function execute() { + global $wgRequest, $wgOut; + if( $wgRequest->wasPosted() ) { + if( $this->save() ) { + $article = new Article( $this->mTitle ); + $q = $article->isRedirect() ? 'redirect=no' : ''; + $wgOut->redirect( $this->mTitle->getFullUrl( $q ) ); + } + } else { + $this->show(); + } + } - $wgOut->setRobotpolicy( 'noindex,nofollow' ); + function show( $err = null ) { + global $wgOut, $wgUser; + + $wgOut->setRobotPolicy( 'noindex,nofollow' ); if( is_null( $this->mTitle ) || - !$this->mTitle->exists() || $this->mTitle->getNamespace() == NS_MEDIAWIKI ) { $wgOut->showFatalError( wfMsg( 'badarticleerror' ) ); return; } - $cascadeSources = $this->mTitle->getCascadeProtectionSources(); + list( $cascadeSources, /* $restrictions */ ) = $this->mTitle->getCascadeProtectionSources(); + + if ( "" != $err ) { + $wgOut->setSubtitle( wfMsgHtml( 'formerror' ) ); + $wgOut->addHTML( "
{$err}
\n" ); + } - if ( count($cascadeSources) > 0 ) { + if ( $cascadeSources && count($cascadeSources) > 0 ) { $titles = ''; foreach ( $cascadeSources as $title ) { - $titles .= '* ' . $title->getPrefixedText() . "\r\n"; + $titles .= '* [[:' . $title->getPrefixedText() . "]]\n"; } - $wgOut->addWikiText( wfMsgForContent( 'protect-cascadeon', $titles ) ); - } - - if( $this->save() ) { - $wgOut->redirect( $this->mTitle->getFullUrl() ); - return; + $wgOut->wrapWikiMsg( "$1\n$titles", array( 'protect-cascadeon', count($cascadeSources) ) ); } - $wgOut->setPageTitle( wfMsg( 'confirmprotect' ) ); - $wgOut->setSubtitle( wfMsg( 'protectsub', $this->mTitle->getPrefixedText() ) ); + $sk = $wgUser->getSkin(); + $titleLink = $sk->makeLinkObj( $this->mTitle ); + $wgOut->setPageTitle( wfMsg( 'protect-title', $this->mTitle->getPrefixedText() ) ); + $wgOut->setSubtitle( wfMsg( 'protect-backlink', $titleLink ) ); - $wgOut->addWikiText( - wfMsg( $this->disabled ? "protect-viewtext" : "protect-text", - wfEscapeWikiText( $this->mTitle->getPrefixedText() ) ) ); + # Show an appropriate message if the user isn't allowed or able to change + # the protection settings at this time + if( $this->disabled ) { + if( wfReadOnly() ) { + $wgOut->readOnlyPage(); + } elseif( $this->mPermErrors ) { + $wgOut->addWikiText( $wgOut->formatPermissionsErrorMessage( $this->mPermErrors ) ); + } + } else { + $wgOut->addWikiMsg( 'protect-text', $this->mTitle->getPrefixedText() ); + } $wgOut->addHTML( $this->buildForm() ); @@ -104,26 +152,78 @@ class ProtectionForm { function save() { global $wgRequest, $wgUser, $wgOut; - if( !$wgRequest->wasPosted() ) { - return false; - } if( $this->disabled ) { + $this->show(); return false; } $token = $wgRequest->getVal( 'wpEditToken' ); if( !$wgUser->matchEditToken( $token ) ) { - throw new FatalError( wfMsg( 'sessionfailure' ) ); + $this->show( wfMsg( 'sessionfailure' ) ); + return false; + } + + if ( strlen( $this->mExpiry ) == 0 ) { + $this->mExpiry = 'infinite'; + } + + if ( $this->mExpiry == 'infinite' || $this->mExpiry == 'indefinite' ) { + $expiry = Block::infinity(); + } else { + # Convert GNU-style date, on error returns -1 for PHP <5.1 and false for PHP >=5.1 + $expiry = strtotime( $this->mExpiry ); + + if ( $expiry < 0 || $expiry === false ) { + $this->show( wfMsg( 'protect_expiry_invalid' ) ); + return false; + } + + // Fixme: non-qualified absolute times are not in users specified timezone + // and there isn't notice about it in the ui + $expiry = wfTimestamp( TS_MW, $expiry ); + + if ( $expiry < wfTimestampNow() ) { + $this->show( wfMsg( 'protect_expiry_old' ) ); + return false; + } + + } + + # They shouldn't be able to do this anyway, but just to make sure, ensure that cascading restrictions aren't being applied + # to a semi-protected page. + global $wgGroupPermissions; + + $edit_restriction = $this->mRestrictions['edit']; + + if ($this->mCascade && ($edit_restriction != 'protect') && + !(isset($wgGroupPermissions[$edit_restriction]['protect']) && $wgGroupPermissions[$edit_restriction]['protect'] ) ) + $this->mCascade = false; + + if ($this->mTitle->exists()) { + $ok = $this->mArticle->updateRestrictions( $this->mRestrictions, $this->mReason, $this->mCascade, $expiry ); + } else { + $ok = $this->mTitle->updateTitleProtection( $this->mRestrictions['create'], $this->mReason, $expiry ); } - $ok = $this->mArticle->updateRestrictions( $this->mRestrictions, $this->mReason, $this->mCascade ); if( !$ok ) { throw new FatalError( "Unknown error at restriction save time." ); } + + if( $wgRequest->getCheck( 'mwProtectWatch' ) ) { + $this->mArticle->doWatch(); + } elseif( $this->mTitle->userIsWatching() ) { + $this->mArticle->doUnwatch(); + } + return $ok; } + /** + * Build the input form + * + * @return $out string HTML form + */ function buildForm() { global $wgUser; @@ -132,59 +232,98 @@ class ProtectionForm { $out .= $this->buildScript(); // The submission needs to reenable the move permission selector // if it's in locked mode, or some browsers won't submit the data. - $out .= wfOpenElement( 'form', array( - 'action' => $this->mTitle->getLocalUrl( 'action=protect' ), - 'method' => 'post', - 'onsubmit' => 'protectEnable(true)' ) ); - - $out .= wfElement( 'input', array( - 'type' => 'hidden', - 'name' => 'wpEditToken', - 'value' => $wgUser->editToken() ) ); + $out .= Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->mTitle->getLocalUrl( 'action=protect' ), 'id' => 'mw-Protect-Form', 'onsubmit' => 'protectEnable(true)' ) ) . + Xml::hidden( 'wpEditToken',$wgUser->editToken() ); } - $out .= "" . wfMsgHtml( 'restriction-' . $action ) . " | \n"; + $label = Xml::element( 'label', + array( 'for' => "mwProtect-level-$action" ), + wfMsg( 'restriction-' . $action ) ); + $out .= "$label | "; } - $out .= "
---|---|
\n"; - $out .= $this->buildSelector( $action, $selected ); - $out .= " | \n"; + $out .= "" . + $this->buildSelector( $action, $selected ) . + " | "; } $out .= "
" . $this->buildReasonInput() . " | |
" . $this->buildSubmit() . " |