https://www.mediawiki.org/wiki/Special:Code/MediaWiki/102007
Revision: 102007
Author: ialex
Date: 2011-11-04 16:40:00 +0000 (Fri, 04 Nov 2011)
Log Message:
-----------
And while I'm at it, move token check to onView() so that if
action=markpatrolled is called without parameters, the user will see
'markedaspatrollederror' error and not 'sessionfailure'
Modified Paths:
--------------
trunk/phase3/includes/actions/MarkpatrolledAction.php
Modified: trunk/phase3/includes/actions/MarkpatrolledAction.php
===================================================================
--- trunk/phase3/includes/actions/MarkpatrolledAction.php 2011-11-04
16:38:05 UTC (rev 102006)
+++ trunk/phase3/includes/actions/MarkpatrolledAction.php 2011-11-04
16:40:00 UTC (rev 102007)
@@ -36,23 +36,22 @@
return '';
}
- protected function checkCanExecute( User $user ) {
- if ( !$user->matchEditToken( $this->getRequest()->getVal(
'token' ), $this->getRequest()->getInt( 'rcid' ) ) ) {
- throw new ErrorPageError( 'sessionfailure-title',
'sessionfailure' );
- }
-
- return parent::checkCanExecute( $user );
- }
-
public function onView() {
- $rc = RecentChange::newFromId( $this->getRequest()->getInt(
'rcid' ) );
+ $request = $this->getRequest();
+ $rcId = $request->getInt( 'rcid' );
+ $rc = RecentChange::newFromId( $rcId );
if ( is_null( $rc ) ) {
throw new ErrorPageError( 'markedaspatrollederror',
'markedaspatrollederrortext' );
}
- $errors = $rc->doMarkPatrolled( $this->getUser() );
+ $user = $this->getUser();
+ if ( !$user->matchEditToken( $request->getVal( 'token' ), $rcId
) ) {
+ throw new ErrorPageError( 'sessionfailure-title',
'sessionfailure' );
+ }
+ $errors = $rc->doMarkPatrolled( $user );
+
if ( in_array( array( 'rcpatroldisabled' ), $errors ) ) {
throw new ErrorPageError( 'rcpatroldisabled',
'rcpatroldisabledtext' );
}
_______________________________________________
MediaWiki-CVS mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
