X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fhtmlform%2FHTMLForm.php;h=3c88594eac7d84e1402f2a88172882ac0fd09df3;hb=1abe8200881420e6b3d6d2b9fa42afb58038cf7c;hp=de3e0ae32f475de1ea010256c66d065390586801;hpb=df6e5e0091c1c30cb6bc003b4effff88065b3d06;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/htmlform/HTMLForm.php b/includes/htmlform/HTMLForm.php
index de3e0ae32f..3c88594eac 100644
--- a/includes/htmlform/HTMLForm.php
+++ b/includes/htmlform/HTMLForm.php
@@ -71,6 +71,11 @@
  *    'help-messages'       -- array of message keys/objects. As above, each item can
  *                             be an array of msg key and then parameters.
  *                             Overwrites 'help'.
+ *    'notice'              -- message text for a message to use as a notice in the field.
+ *                             Currently used by OOUI form fields only.
+ *    'notice-messages'     -- array of message keys/objects to use for notice.
+ *                             Overrides 'notice'.
+ *    'notice-message'      -- message key or object to use as a notice.
  *    'required'            -- passed through to the object, indicating that it
  *                             is a required field.
  *    'size'                -- the length of text fields
@@ -169,6 +174,8 @@ class HTMLForm extends ContextSource {
 	protected $mShowReset = false;
 	protected $mShowSubmit = true;
 	protected $mSubmitFlags = [ 'constructive', 'primary' ];
+	protected $mShowCancel = false;
+	protected $mCancelTarget;
 
 	protected $mSubmitCallback;
 	protected $mValidationErrorMessage;
@@ -188,6 +195,7 @@ class HTMLForm extends ContextSource {
 	protected $mSubmitText;
 	protected $mSubmitTooltip;
 
+	protected $mFormIdentifier;
 	protected $mTitle;
 	protected $mMethod = 'post';
 	protected $mWasSubmitted = false;
@@ -267,14 +275,12 @@ class HTMLForm extends ContextSource {
 
 		switch ( $displayFormat ) {
 			case 'vform':
-				$reflector = new ReflectionClass( 'VFormHTMLForm' );
-				return $reflector->newInstanceArgs( $arguments );
+				return ObjectFactory::constructClassInstance( VFormHTMLForm::class, $arguments );
 			case 'ooui':
-				$reflector = new ReflectionClass( 'OOUIHTMLForm' );
-				return $reflector->newInstanceArgs( $arguments );
+				return ObjectFactory::constructClassInstance( OOUIHTMLForm::class, $arguments );
 			default:
-				$reflector = new ReflectionClass( 'HTMLForm' );
-				$form = $reflector->newInstanceArgs( $arguments );
+				/** @var HTMLForm $form */
+				$form = ObjectFactory::constructClassInstance( HTMLForm::class, $arguments );
 				$form->setDisplayFormat( $displayFormat );
 				return $form;
 		}
@@ -348,6 +354,26 @@ class HTMLForm extends ContextSource {
 		$this->mFieldTree = $loadedDescriptor;
 	}
 
+	/**
+	 * @param string $fieldname
+	 * @return bool
+	 */
+	public function hasField( $fieldname ) {
+		return isset( $this->mFlatFields[$fieldname] );
+	}
+
+	/**
+	 * @param string $fieldname
+	 * @return HTMLFormField
+	 * @throws DomainException on invalid field name
+	 */
+	public function getField( $fieldname ) {
+		if ( !$this->hasField( $fieldname ) ) {
+			throw new DomainException( __METHOD__ . ': no field named ' . $fieldname );
+		}
+		return $this->mFlatFields[$fieldname];
+	}
+
 	/**
 	 * Set format in which to display the form
 	 *
@@ -478,7 +504,14 @@ class HTMLForm extends ContextSource {
 		}
 
 		# Load data from the request.
-		$this->loadData();
+		if (
+			$this->mFormIdentifier === null ||
+			$this->getRequest()->getVal( 'wpFormIdentifier' ) === $this->mFormIdentifier
+		) {
+			$this->loadData();
+		} else {
+			$this->mFieldData = [];
+		}
 
 		return $this;
 	}
@@ -490,22 +523,29 @@ class HTMLForm extends ContextSource {
 	public function tryAuthorizedSubmit() {
 		$result = false;
 
-		$submit = false;
+		$identOkay = false;
+		if ( $this->mFormIdentifier === null ) {
+			$identOkay = true;
+		} else {
+			$identOkay = $this->getRequest()->getVal( 'wpFormIdentifier' ) === $this->mFormIdentifier;
+		}
+
+		$tokenOkay = false;
 		if ( $this->getMethod() !== 'post' ) {
-			$submit = true; // no session check needed
+			$tokenOkay = true; // no session check needed
 		} elseif ( $this->getRequest()->wasPosted() ) {
 			$editToken = $this->getRequest()->getVal( 'wpEditToken' );
 			if ( $this->getUser()->isLoggedIn() || $editToken !== null ) {
 				// Session tokens for logged-out users have no security value.
 				// However, if the user gave one, check it in order to give a nice
 				// "session expired" error instead of "permission denied" or such.
-				$submit = $this->getUser()->matchEditToken( $editToken, $this->mTokenSalt );
+				$tokenOkay = $this->getUser()->matchEditToken( $editToken, $this->mTokenSalt );
 			} else {
-				$submit = true;
+				$tokenOkay = true;
 			}
 		}
 
-		if ( $submit ) {
+		if ( $tokenOkay && $identOkay ) {
 			$this->mWasSubmitted = true;
 			$result = $this->trySubmit();
 		}
@@ -1040,6 +1080,12 @@ class HTMLForm extends ContextSource {
 	 */
 	public function getHiddenFields() {
 		$html = '';
+		if ( $this->mFormIdentifier !== null ) {
+			$html .= Html::hidden(
+				'wpFormIdentifier',
+				$this->mFormIdentifier
+			) . "\n";
+		}
 		if ( $this->getMethod() === 'post' ) {
 			$html .= Html::hidden(
 				'wpEditToken',
@@ -1108,6 +1154,21 @@ class HTMLForm extends ContextSource {
 			) . "\n";
 		}
 
+		if ( $this->mShowCancel ) {
+			$target = $this->mCancelTarget ?: Title::newMainPage();
+			if ( $target instanceof Title ) {
+				$target = $target->getLocalURL();
+			}
+			$buttons .= Html::element(
+					'a',
+					[
+						'class' => $useMediaWikiUIEverywhere ? 'mw-ui-button' : null,
+						'href' => $target,
+					],
+					$this->msg( 'cancel' )->text()
+				) . "\n";
+		}
+
 		// IE<8 has bugs with <button>, so we'll need to avoid them.
 		$isBadIE = preg_match( '/MSIE [1-7]\./i', $this->getRequest()->getHeader( 'User-Agent' ) );
 
@@ -1310,6 +1371,27 @@ class HTMLForm extends ContextSource {
 		return $this;
 	}
 
+	/**
+	 * Set an internal identifier for this form. It will be submitted as a hidden form field, allowing
+	 * HTMLForm to determine whether the form was submitted (or merely viewed). Setting this serves
+	 * two purposes:
+	 *
+	 * - If you use two or more forms on one page, it allows HTMLForm to identify which of the forms
+	 *   was submitted, and not attempt to validate the other ones.
+	 * - If you use checkbox or multiselect fields inside a form using the GET method, it allows
+	 *   HTMLForm to distinguish between the initial page view and a form submission with all
+	 *   checkboxes or select options unchecked.
+	 *
+	 * @since 1.28
+	 * @param string $ident
+	 * @return $this
+	 */
+	public function setFormIdentifier( $ident ) {
+		$this->mFormIdentifier = $ident;
+
+		return $this;
+	}
+
 	/**
 	 * Stop a default submit button being shown for this form. This implies that an
 	 * alternate submit method must be provided manually.
@@ -1326,6 +1408,28 @@ class HTMLForm extends ContextSource {
 		return $this;
 	}
 
+	/**
+	 * Show a cancel button (or prevent it). The button is not shown by default.
+	 * @param bool $show
+	 * @return HTMLForm $this for chaining calls
+	 * @since 1.27
+	 */
+	public function showCancel( $show = true ) {
+		$this->mShowCancel = $show;
+		return $this;
+	}
+
+	/**
+	 * Sets the target where the user is redirected to after clicking cancel.
+	 * @param Title|string $target Target as a Title object or an URL
+	 * @return HTMLForm $this for chaining calls
+	 * @since 1.27
+	 */
+	public function setCancelTarget( $target ) {
+		$this->mCancelTarget = $target;
+		return $this;
+	}
+
 	/**
 	 * Set the id of the \<table\> or outermost \<div\> element.
 	 *