X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=includes%2Fspecials%2FSpecialUserLogout.php;h=62010d9fd6a0ecc41c16b574609f6b9938979955;hp=568327d25b239c457620f502b1bd6accdd56fe8b;hb=9c7f6734c397a954b8eaa5ec73876f2b4bf92afb;hpb=9792a09c306a6604a127a3a06f7b10cbc7e7a23f
diff --git a/includes/specials/SpecialUserLogout.php b/includes/specials/SpecialUserLogout.php
index 568327d25b..62010d9fd6 100644
--- a/includes/specials/SpecialUserLogout.php
+++ b/includes/specials/SpecialUserLogout.php
@@ -26,7 +26,7 @@
 *
 * @ingroup SpecialPage
 */
-class SpecialUserLogout extends UnlistedSpecialPage {
+class SpecialUserLogout extends FormSpecialPage {
 function __construct() {
 parent::__construct( 'Userlogout' );
 }
@@ -35,41 +35,49 @@ class SpecialUserLogout extends UnlistedSpecialPage { return true; } - function execute( $par ) { - /** - * Some satellite ISPs use broken precaching schemes that log people out straight after - * they're logged in (T19790). Luckily, there's a way to detect such requests. - */ - if ( isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], '&' ) !== false ) { - wfDebug( "Special:UserLogout request {$_SERVER['REQUEST_URI']} looks suspicious, denying.\n" ); - throw new HttpError( 400, $this->msg( 'suspicious-userlogout' ), $this->msg( 'loginerror' ) ); - } + public function isListed() { + return false; + } - $this->setHeaders(); - $this->outputHeader(); + protected function getGroupName() { + return 'login'; + } - $out = $this->getOutput(); - $user = $this->getUser(); - $request = $this->getRequest(); + protected function getFormFields() { + return []; + } - $logoutToken = $request->getVal( 'logoutToken' ); - $urlParams = [ - 'logoutToken' => $user->getEditToken( 'logoutToken', $request ) - ] + $request->getValues(); - unset( $urlParams['title'] ); - $continueLink = $this->getFullTitle()->getFullUrl( $urlParams ); + protected function getDisplayFormat() { + return 'ooui'; + } - if ( $logoutToken === null ) { - $this->getOutput()->addWikiMsg( 'userlogout-continue', $continueLink ); - return; - } - if ( !$this->getUser()->matchEditToken( - $logoutToken, 'logoutToken', $this->getRequest(), 24 * 60 * 60 - ) ) { - $this->getOutput()->addWikiMsg( 'userlogout-sessionerror', $continueLink ); + public function execute( $par ) { + if ( $this->getUser()->isAnon() ) { + $this->setHeaders(); + $this->showSuccess(); return; } + parent::execute( $par ); + } + + public function alterForm( HTMLForm $form ) { + $form->setTokenSalt( 'logoutToken' ); + $form->addHeaderText( $this->msg( 'userlogout-continue' ) ); + + $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) ); + } + + /** + * Process the form. 
At this point we know that the user passes all the criteria in + * userCanExecute(), and if the data array contains 'Username', etc, then Username + * resets are allowed. + * @param array $data + * @throws MWException + * @throws ThrottledError|PermissionsError + * @return Status + */ + public function onSubmit( array $data ) { // Make sure it's possible to log out $session = MediaWiki\Session\SessionManager::getGlobalSession(); if ( !$session->canSetUser() ) { @@ -83,25 +91,37 @@ class SpecialUserLogout extends UnlistedSpecialPage { } $user = $this->getUser(); - $oldName = $user->getName(); $user->logout(); + return new Status(); + } - $loginURL = SpecialPage::getTitleFor( 'Userlogin' )->getFullURL( - $this->getRequest()->getValues( 'returnto', 'returntoquery' ) ); + public function onSuccess() { + $this->showSuccess(); + $user = $this->getUser(); + $oldName = $user->getName(); $out = $this->getOutput(); - $out->addWikiMsg( 'logouttext', $loginURL ); - // Hook. $injected_html = ''; Hooks::run( 'UserLogoutComplete', [ &$user, &$injected_html, $oldName ] ); $out->addHTML( $injected_html ); + } + + private function showSuccess() { + $loginURL = SpecialPage::getTitleFor( 'Userlogin' )->getFullURL( + $this->getRequest()->getValues( 'returnto', 'returntoquery' ) ); + + $out = $this->getOutput(); + $out->addWikiMsg( 'logouttext', $loginURL ); $out->returnToMain(); } - protected function getGroupName() { - return 'login'; + /** + * Let blocked users to log out and come back with their sockpuppets + */ + public function requiresUnblock() { + return false; } }
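Review bot: The docblock added above `onSubmit()` describes a different form: it mentions 'Username' data and username resets and declares `@throws ThrottledError|PermissionsError`, none of which appears in this logout handler, so it reads as copied from a password-reset page. Since this method is the state-changing step that the token configured in `alterForm()` (`setTokenSalt( 'logoutToken' )`) is meant to protect, I would replace the text with a short description such as `Log the current user out. Presumably reached only after HTMLForm has accepted the 'logoutToken' token - confirm.` and limit `@throws` to what the body actually raises. Separately, `userlogout-continue` is now added with no parameter, whereas the removed code passed `$continueLink`; the message text is not part of this diff, so check that it no longer expects `$1`. The body of `onSubmit()` continues past the end of this hunk.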
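Review bot: `onSuccess()` reads `$oldName = $user->getName()` after `onSubmit()` (which begins in the previous hunk) has already called `$user->logout()`, whereas the removed code captured the name before logging out. `User::logout()` is not visible here, but if it resets the object to an anonymous user, the `UserLogoutComplete` hook will receive the anonymous name rather than the account that just logged out, and handlers that clean up per-account state by that name would act on the wrong value. I would capture it before the logout: add `private $oldUserName;`, set `$this->oldUserName = $user->getName();` just before `$user->logout();`, and use `$oldName = $this->oldUserName;` in `onSuccess()`. Also note that `showSuccess()` now runs first, so the hook's `$injected_html` is appended after `returnToMain()` instead of before it as in the old code.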