http://www.mediawiki.org/wiki/Special:Code/MediaWiki/96134
Revision: 96134
Author: preilly
Date: 2011-09-02 18:00:42 +0000 (Fri, 02 Sep 2011)
Log Message:
-----------
add edit token and user can edit checks and make sure user is not blocked
Modified Paths:
--------------
trunk/extensions/MobileFrontend/MobileFrontend.php
trunk/extensions/MobileFrontend/views/information/leave_feedback.html.php
Modified: trunk/extensions/MobileFrontend/MobileFrontend.php
===================================================================
--- trunk/extensions/MobileFrontend/MobileFrontend.php 2011-09-02 18:00:09 UTC
(rev 96133)
+++ trunk/extensions/MobileFrontend/MobileFrontend.php 2011-09-02 18:00:42 UTC
(rev 96134)
@@ -65,7 +65,7 @@
);
class ExtMobileFrontend {
- const VERSION = '0.5.52';
+ const VERSION = '0.5.53';
/**
* @var DOMDocument
@@ -335,12 +335,19 @@
$subject = htmlspecialchars( $wgRequest->getText(
'subject', '' ) );
$message = htmlspecialchars( $wgRequest->getText(
'message', '' ) );
+ $token = htmlspecialchars( $wgRequest->getText(
'edittoken', '' ) );
$title = Title::newFromText( 'MobileFrontend Extension
Feedback' );
- $article = new Article( $title, 0 );
- $rawtext = $article->getRawText();
- $rawtext .= "\n== {$subject} == \n {$message} ~~~~ \n
<small>User agent: {$userAgent}</small> ";
- $article->doEdit( $rawtext, '' );
+
+ if ( $title->userCan( 'edit' ) &&
+ !$wgUser->isBlockedFrom( $title ) &&
+ $wgUser->matchEditToken( $token ) ) {
+ $article = new Article( $title, 0 );
+ $rawtext = $article->getRawText();
+ $rawtext .= "\n== {$subject} == \n {$message}
~~~~ \n <small>User agent: {$userAgent}</small> ";
+ $article->doEdit( $rawtext, '' );
+ }
+
$location = str_replace(
'&mobileaction=leave_feedback_post', '', $wgRequest->getFullRequestURL() );
$wgRequest->response()->header( 'Location: ' .
$location );
wfProfileOut( __METHOD__ );
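Review bot: The new `$token = htmlspecialchars( $wgRequest->getText( 'edittoken', '' ) );` HTML-escapes the token before it reaches `$wgUser->matchEditToken( $token )`, so the check compares a transformed value and appears to work only as long as tokens contain none of the characters htmlspecialchars() rewrites. A secret should be compared as received, for example `$token = $wgRequest->getVal( 'edittoken', '' );`, with escaping applied only where the value is printed. When any of the three conditions fails, the edit is skipped silently and the `Location` redirect below still runs, so a blocked user or an expired token looks like a successful submission; an `else` branch that reports the failure would make rejected posts visible to the user and to logs. The enclosing method starts and ends outside this hunk, so it cannot be confirmed from here that `$wgUser` is in its `global` list; the hunk at -469 adds it only to renderLeaveFeedbackXHTML().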
@@ -469,10 +476,11 @@
}
private function renderLeaveFeedbackXHTML() {
- global $wgRequest;
+ global $wgRequest, $wgUser;
wfProfileIn( __METHOD__ );
if ( $this->contentFormat == 'XHTML' ) {
$this->getMsg();
+ $editToken = $wgUser->editToken();
$title =
self::$messages['mobile-frontend-leave-feedback-title'];
$notice =
self::$messages['mobile-frontend-leave-feedback-notice'];
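Review bot: `$editToken` is assigned here but not used in any line the hunk shows, which will read as a dead variable to the next maintainer. It is presumably picked up by views/information/leave_feedback.html.php through shared scope when the view is included, so a comment on the assignment would help, such as `// consumed by the leave_feedback view as the hidden "edittoken" field (CSRF check on post)`. The body of renderLeaveFeedbackXHTML() continues outside the hunk, so the include itself is not visible.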
Modified:
trunk/extensions/MobileFrontend/views/information/leave_feedback.html.php
===================================================================
--- trunk/extensions/MobileFrontend/views/information/leave_feedback.html.php
2011-09-02 18:00:09 UTC (rev 96133)
+++ trunk/extensions/MobileFrontend/views/information/leave_feedback.html.php
2011-09-02 18:00:42 UTC (rev 96134)
@@ -4,6 +4,7 @@
$leaveFeedbackHtml = <<<EOT
<form action='{$feedbackPostURL}' method='post'>
+<input type="hidden" name="edittoken" value="{$editToken}"/>
<div tabindex="-1">
<div unselectable="on">
<span unselectable="on"><p>{$title}</p></span>
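Review bot: The added `<input type="hidden" name="edittoken" value="{$editToken}"/>` interpolates the token into a double-quoted attribute without escaping, so the template is safe only while the token generator never emits a quote or angle bracket. Escaping belongs at this output step; since a heredoc cannot call a function inline, the value can be prepared where it is assigned, e.g. `$editToken = htmlspecialchars( $wgUser->editToken() );`, and the browser will post back the unescaped token. The new line also uses double-quoted attributes while the `<form>` line above it uses single quotes; matching the surrounding style would keep the template consistent.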