Diffstat (limited to 'includes/specials/SpecialImport.php')
-rw-r--r-- | includes/specials/SpecialImport.php | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/includes/specials/SpecialImport.php b/includes/specials/SpecialImport.php
index 4c37f1f9..1623245d 100644
--- a/includes/specials/SpecialImport.php
+++ b/includes/specials/SpecialImport.php
@@ -43,26 +43,30 @@ function wfSpecialImport( $page = '' ) {
 if( $wgRequest->wasPosted() && $wgRequest->getVal( 'action' ) == 'submit') {
 $isUpload = false;
 $namespace = $wgRequest->getIntOrNull( 'namespace' );
+ $sourceName = $wgRequest->getVal( "source" );
- switch( $wgRequest->getVal( "source" ) ) {
- case "upload":
+ if ( !$wgUser->matchEditToken( $wgRequest->getVal( 'editToken' ) ) ) {
+ $source = new WikiErrorMsg( 'import-token-mismatch' );
+ } elseif ( $sourceName == 'upload' ) {
 $isUpload = true;
 if( $wgUser->isAllowed( 'importupload' ) ) {
 $source = ImportStreamSource::newFromUpload( "xmlimport" );
 } else {
 return $wgOut->permissionRequired( 'importupload' );
 }
- break;
- case "interwiki":
+ } elseif ( $sourceName == "interwiki" ) {
 $interwiki = $wgRequest->getVal( 'interwiki' );
- $history = $wgRequest->getCheck( 'interwikiHistory' );
- $frompage = $wgRequest->getText( "frompage" );
- $source = ImportStreamSource::newFromInterwiki(
- $interwiki,
- $frompage,
- $history );
- break;
- default:
+ if ( !in_array( $interwiki, $wgImportSources ) ) {
+ $source = new WikiErrorMsg( "import-invalid-interwiki" );
+ } else {
+ $history = $wgRequest->getCheck( 'interwikiHistory' );
+ $frompage = $wgRequest->getText( "frompage" );
+ $source = ImportStreamSource::newFromInterwiki(
+ $interwiki,
+ $frompage,
+ $history );
+ }
+ } else {
 $source = new WikiErrorMsg( "importunknownsource" );
 }
@@ -106,6 +110,7 @@ function wfSpecialImport( $page = '' ) {
 Xml::hidden( 'action', 'submit' ) .
 Xml::hidden( 'source', 'upload' ) .
 Xml::input( 'xmlimport', 50, '', array( 'type' => 'file' ) ) . ' ' .
+ Xml::hidden( 'editToken', $wgUser->editToken() ) .
 Xml::submitButton( wfMsg( 'uploadbtn' ) ) .
 Xml::closeElement( 'form' ) .
 Xml::closeElement( 'fieldset' )
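Review bot: The new allow-list test `in_array( $interwiki, $wgImportSources )` in the interwiki branch uses PHP's loose comparison, so a request value can match a configured entry it is not identical to (numeric-looking strings, or on older PHP versions any string against a non-string entry such as `0` or `true`). Passing the strict flag closes that gap: `if ( !in_array( $interwiki, $wgImportSources, true ) ) {`. `$interwiki` comes from `getVal()` and is presumably null when the parameter is absent; strict matching rejects that case as well. The `global` declaration that would bring `$wgImportSources` into scope is not visible in this hunk, and wfSpecialImport's body starts and ends outside it.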
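Review bot: The hidden field added to the upload form carries `$wgUser->editToken()` with no salt, and the check in the first hunk calls `matchEditToken()` without one too, so the token that authorizes an import is presumably the same value embedded in the user's other unsalted forms. Scoping it to this action limits what a token disclosed elsewhere can be used for: `Xml::hidden( 'editToken', $wgUser->editToken( 'import' ) )` here and in the interwiki form of the third hunk, paired with `$wgUser->matchEditToken( $wgRequest->getVal( 'editToken' ), 'import' )` in the first. The three lines have to change together, otherwise every submission ends in import-token-mismatch. The salt string `'import'` is a suggested value, not one taken from the page.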
@@ -124,6 +129,7 @@ function wfSpecialImport( $page = '' ) {
 wfMsgExt( 'import-interwiki-text', array( 'parse' ) ) .
 Xml::hidden( 'action', 'submit' ) .
 Xml::hidden( 'source', 'interwiki' ) .
+ Xml::hidden( 'editToken', $wgUser->editToken() ) .
 Xml::openElement( 'table', array( 'id' => 'mw-import-table' ) ) .
 "<tr> <td>" . |