$returnto['returnto'] = $page;
$query = $request->getVal( 'returntoquery', $this->thisquery );
$paramsArray = wfCgiToArray( $query );
- unset( $paramsArray['logoutToken'] );
$query = wfArrayToCgi( $paramsArray );
if ( $query != '' ) {
$returnto['returntoquery'] = $query;
'href' => self::makeSpecialUrl( 'Userlogout',
// Note: userlogout link must always contain an & character, otherwise we might not be able
// to detect a buggy precaching proxy (T19790)
- ( $title->isSpecial( 'Preferences' ) ? [] : $returnto )
- + [ 'logoutToken' => $this->getUser()->getEditToken( 'logoutToken', $this->getRequest() ) ] ),
+ ( $title->isSpecial( 'Preferences' ) ? [] : $returnto ) ),
'active' => false
];
}
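Review bot: The unchanged comment above the `makeSpecialUrl( 'Userlogout', …` call still says the logout link must always contain an & character so that a buggy precaching proxy can be detected (T19790). With the `logoutToken` parameter dropped, the link carries no query parameters at all when `[]` is passed for Special:Preferences. The same commit also removes the REQUEST_URI check from `SpecialUserLogout::execute()`, so the comment appears to describe a defence that no longer exists and should not be left for the next reader to rely on. I would replace it with something like `// Logout is confirmed through the token-protected form on Special:UserLogout, so the link itself carries no token.` The surrounding array and method begin outside this hunk.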
*
* @ingroup SpecialPage
*/
-class SpecialUserLogout extends UnlistedSpecialPage {
+class SpecialUserLogout extends FormSpecialPage {
function __construct() {
parent::__construct( 'Userlogout' );
}
return true;
}
- function execute( $par ) {
- /**
- * Some satellite ISPs use broken precaching schemes that log people out straight after
- * they're logged in (T19790). Luckily, there's a way to detect such requests.
- */
- if ( isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], '&' ) !== false ) {
- wfDebug( "Special:UserLogout request {$_SERVER['REQUEST_URI']} looks suspicious, denying.\n" );
- throw new HttpError( 400, $this->msg( 'suspicious-userlogout' ), $this->msg( 'loginerror' ) );
- }
+ public function isListed() {
+ return false;
+ }
- $this->setHeaders();
- $this->outputHeader();
+ protected function getGroupName() {
+ return 'login';
+ }
- $out = $this->getOutput();
- $user = $this->getUser();
- $request = $this->getRequest();
+ protected function getFormFields() {
+ return [];
+ }
- $logoutToken = $request->getVal( 'logoutToken' );
- $urlParams = [
- 'logoutToken' => $user->getEditToken( 'logoutToken', $request )
- ] + $request->getValues();
- unset( $urlParams['title'] );
- $continueLink = $this->getFullTitle()->getFullUrl( $urlParams );
+ protected function getDisplayFormat() {
+ return 'ooui';
+ }
- if ( $logoutToken === null ) {
- $this->getOutput()->addWikiMsg( 'userlogout-continue', $continueLink );
- return;
- }
- if ( !$this->getUser()->matchEditToken(
- $logoutToken, 'logoutToken', $this->getRequest(), 24 * 60 * 60
- ) ) {
- $this->getOutput()->addWikiMsg( 'userlogout-sessionerror', $continueLink );
+ public function execute( $par ) {
+ if ( $this->getUser()->isAnon() ) {
+ $this->setHeaders();
+ $this->showSuccess();
return;
}
+ parent::execute( $par );
+ }
+
+ public function alterForm( HTMLForm $form ) {
+ $form->setTokenSalt( 'logoutToken' );
+ $form->addHeaderText( $this->msg( 'userlogout-continue' ) );
+
+ $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
+ }
+
+ /**
+ * Process the form. At this point we know that the user passes all the criteria in
+ * userCanExecute(), and if the data array contains 'Username', etc, then Username
+ * resets are allowed.
+ * @param array $data
+ * @throws MWException
+ * @throws ThrottledError|PermissionsError
+ * @return Status
+ */
+ public function onSubmit( array $data ) {
// Make sure it's possible to log out
$session = MediaWiki\Session\SessionManager::getGlobalSession();
if ( !$session->canSetUser() ) {
}
$user = $this->getUser();
- $oldName = $user->getName();
$user->logout();
+ return new Status();
+ }
- $loginURL = SpecialPage::getTitleFor( 'Userlogin' )->getFullURL(
- $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
+ public function onSuccess() {
+ $this->showSuccess();
+ $user = $this->getUser();
+ $oldName = $user->getName();
$out = $this->getOutput();
- $out->addWikiMsg( 'logouttext', $loginURL );
-
// Hook.
$injected_html = '';
Hooks::run( 'UserLogoutComplete', [ &$user, &$injected_html, $oldName ] );
$out->addHTML( $injected_html );
+ }
+
+ private function showSuccess() {
+ $loginURL = SpecialPage::getTitleFor( 'Userlogin' )->getFullURL(
+ $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
+
+ $out = $this->getOutput();
+ $out->addWikiMsg( 'logouttext', $loginURL );
$out->returnToMain();
}
- protected function getGroupName() {
- return 'login';
+ /**
+ * Let blocked users to log out and come back with their sockpuppets
+ */
+ public function requiresUnblock() {
+ return false;
}
}
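Review bot: `onSuccess()` reads `$oldName = $user->getName()` only after `onSubmit()` has already called `$user->logout()`, so the `UserLogoutComplete` hook presumably receives the post-logout (anonymous) name instead of the account that just logged out; the removed code captured the name before the logout call. Any handler that uses `$oldName`, for example to log the event or clean up per-user state, would then act on the wrong identity. I would add a `private $oldUserName;` property, set `$this->oldUserName = $user->getName();` just before `$user->logout();` in `onSubmit()`, and pass `$this->oldUserName` to `Hooks::run()`. Separately, the docblock added on `onSubmit()` mentions "Username resets" and looks copied from another special page; it should describe the logout and the `canSetUser()` check instead.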