Diffstat (limited to 'includes/specials/SpecialUndelete.php')
-rw-r--r-- | includes/specials/SpecialUndelete.php | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/includes/specials/SpecialUndelete.php b/includes/specials/SpecialUndelete.php
index fbbf89d6..d862ebb3 100644
--- a/includes/specials/SpecialUndelete.php
+++ b/includes/specials/SpecialUndelete.php
@@ -571,7 +571,7 @@ class PageArchive {
 */
 class UndeleteForm {
 var $mAction, $mTarget, $mTimestamp, $mRestore, $mTargetObj;
- var $mTargetTimestamp, $mAllowed, $mComment;
+ var $mTargetTimestamp, $mAllowed, $mComment, $mToken;
 function UndeleteForm( $request, $par = "" ) {
 global $wgUser;
@@ -589,6 +589,7 @@ class UndeleteForm {
 $this->mDiff = $request->getCheck( 'diff' );
 $this->mComment = $request->getText( 'wpComment' );
 $this->mUnsuppress = $request->getVal( 'wpUnsuppress' ) && $wgUser->isAllowed( 'suppressrevision' );
+ $this->mToken = $request->getVal( 'token' );
 if( $par != "" ) {
 $this->mTarget = $par;
@@ -655,6 +656,9 @@ class UndeleteForm {
 if( !$file->userCan( File::DELETED_FILE ) ) {
 $wgOut->permissionRequired( 'suppressrevision' );
 return false;
+ } elseif ( !$wgUser->matchEditToken( $this->mToken, $this->mFile ) ) {
+ $this->showFileConfirmationForm( $this->mFile );
+ return false;
 } else {
 return $this->showFile( $this->mFile );
 }
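Review bot: The new `elseif` branch in the third hunk (@@ -655) gates `showFile()` on `matchEditToken()` with no comment saying what the gate is for. The token it checks is read in the constructor hunk with `getVal( 'token' )`, so it is accepted from the query string as well as from a POST body. A one-line comment above the branch would help the next reader, e.g. `// No valid per-file token in the request: show the confirmation form instead of the file`. The enclosing method starts and ends outside the hunk, so whether `$this->mFile` is always non-empty at this point cannot be confirmed from this page.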
@@ -880,6 +884,29 @@ class UndeleteForm {
 }
 /**
+ * Show a form confirming whether a tokenless user really wants to see a file
+ */
+ private function showFileConfirmationForm( $key ) {
+ global $wgOut, $wgUser, $wgLang;
+ $file = new ArchivedFile( $this->mTargetObj, '', $this->mFile );
+ $wgOut->addWikiMsg( 'undelete-show-file-confirm',
+ $this->mTargetObj->getText(),
+ $wgLang->timeanddate( $file->getTimestamp() ) );
+ $wgOut->addHTML(
+ Xml::openElement( 'form', array(
+ 'method' => 'POST',
+ 'action' => SpecialPage::getTitleFor( 'Undelete' )->getLocalUrl(
+ 'target=' . urlencode( $this->mTarget ) .
+ '&file=' . urlencode( $key ) .
+ '&token=' . urlencode( $wgUser->editToken( $key ) ) )
+ )
+ ) .
+ Xml::submitButton( wfMsg( 'undelete-show-file-submit' ) ) .
+ '</form>'
+ );
+ }
+
+ /**
 * Show a deleted file version requested by the visitor.
 */
 private function showFile( $key ) {
@@ -1191,13 +1218,15 @@ class UndeleteForm {
 * @return string
 */
 function getFileLink( $file, $titleObj, $ts, $key, $sk ) {
- global $wgLang;
+ global $wgLang, $wgUser;
 if( !$file->userCan(File::DELETED_FILE) ) {
 return '<span class="history-deleted">' . $wgLang->timeanddate( $ts, true ) . '</span>';
 } else {
 $link = $sk->makeKnownLinkObj( $titleObj, $wgLang->timeanddate( $ts, true ),
- "target=".$this->mTargetObj->getPrefixedUrl()."&file=$key" );
+ "target=".$this->mTargetObj->getPrefixedUrl().
+ "&file=$key" .
+ "&token=" . urlencode( $wgUser->editToken( $key ) ) );
 if( $file->isDeleted(File::DELETED_FILE) ) $link = '<span class="history-deleted">' . $link . '</span>';
 return $link; |
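Review bot: In `showFileConfirmationForm()` (hunk @@ -880) the edit token is appended to the form's `action` URL, so although the form is submitted with POST the token still travels in the query string, where it can reach access logs, browser history and Referer headers. Carrying it in the request body keeps it out of the URL: end the `getLocalUrl()` argument at the `file` parameter and add `Xml::hidden( 'token', $wgUser->editToken( $key ) ) .` before the submit button. The method also builds `$file` from `$this->mFile` while using `$key` everywhere else; `new ArchivedFile( $this->mTargetObj, '', $key )` would make it depend only on its argument.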
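Review bot: In `getFileLink()` (hunk @@ -1191) the neighbouring `"&file=$key"` is still interpolated without `urlencode()`, although the new token parameter and the new form code both encode their values; `"&file=" . urlencode( $key ) .` would make the call sites agree. The link now carries the per-file edit token in a GET URL, so it is exposed to logs, history and Referer. The token appears to be salted with `$key`, which would limit a leaked value to that one file, and that is worth a comment above the link, e.g. `// Token is salted with the file key, so it is only valid for this file`. The function body continues outside the hunk.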