From cd56183a37a69531c567932ae96aaed9a2813411 Mon Sep 17 00:00:00 2001
From: Aaron Schulz <aaron@users.mediawiki.org>
Date: Thu, 13 Dec 2007 23:49:17 +0000
Subject: [PATCH] * Add hidden input * Extra validation

---
 includes/SpecialMergeHistory.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/includes/SpecialMergeHistory.php b/includes/SpecialMergeHistory.php
index 05239a10fb..3e57ccec0d 100644
--- a/includes/SpecialMergeHistory.php
+++ b/includes/SpecialMergeHistory.php
@@ -37,6 +37,9 @@ class MergehistoryForm {
 		$this->mTargetID = intval( $request->getVal( 'targetID' ) );
 		$this->mDestID = intval( $request->getVal( 'destID' ) );
 		$this->mTimestamp = $request->getVal( 'mergepoint' );
+		if( !preg_match("/[0-9]{14}/",$this->mTimestamp) ) {
+			$this->mTimestamp = '';
+		}
 		$this->mComment = $request->getText( 'wpComment' );
 		
 		$this->mMerge = $request->wasPosted() && $wgUser->matchEditToken( $request->getVal( 'wpEditToken' ) );
@@ -120,6 +123,7 @@ class MergehistoryForm {
 			Xml::hidden( 'title',
 				SpecialPage::getTitleFor( 'Mergehistory' )->getPrefixedDbKey() ) .
 			Xml::hidden( 'submitted', '1' ) . 
+			Xml::hidden( 'mergepoint', $this->mTimestamp ) . 
 			Xml::openElement( 'table' ) .
 			"<tr>
 				<td>".Xml::label( wfMsg( 'mergehistory-from' ), 'target' )."</td>
@@ -286,6 +290,8 @@ class MergehistoryForm {
 		$destTitle = Title::newFromID( $this->mDestID );
 		if( is_null($targetTitle) || is_null($destTitle) )
 			return false; // validate these
+		if( $targetTitle->getArticleID() == $destTitle->getArticleId() )
+			return false;
 		# Verify that this timestamp is valid
 		# Must be older than the destination page
 		$dbw = wfGetDB( DB_MASTER );
-- 
2.20.1