}
/**
- * Indicates whether this module needs a token to preform the request
+ * Returns the token salt if there is one, null if the module doesn't require a salt, else false if the module doesn't need a token
* @returns bool
*/
- public function requiresToken() {
+ public function getTokenSalt() {
return false;
}
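Review bot: The docblock still ends with `@returns bool`, but the new description gives three distinct results: a salt string, `null` (token required, no salt) and `false` (no token needed). Suggest `@return string|null|false` (the tag is `@return`) with one line per case. The docblock should also say that callers must test the result with `=== false`, because `null` and `false` are equal under `==` and the distinction decides whether a token is enforced.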
$ret[] = array ( 'writedisabled' );
}
- if ( $this->requiresToken() ) {
+ if ( $this->getTokenSalt() != false ) {
$ret[] = array( 'missingparam', 'token' );
}
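Review bot: `$this->getTokenSalt() != false` is a loose comparison, and `null != false` evaluates to false in PHP. Every module whose `getTokenSalt()` returns `null` (documented in this commit as "token required, no salt") therefore stops reporting the `missingparam`/`token` entry; the line should read `if ( $this->getTokenSalt() !== false ) {`. The same test appears as `if ( $salt != false )` in the main dispatch hunk, where it skips the whole token branch for those modules, and a string salt of `'0'` is treated the same way. The enclosing function starts outside this hunk.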
if ( is_null( $params['user'] ) )
$this->dieUsageMsg( array( 'missingparam', 'user' ) );
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
if ( !$wgUser->isAllowed( 'block' ) )
$this->dieUsageMsg( array( 'cantblock' ) );
if ( $params['hidename'] && !$wgUser->isAllowed( 'hideuser' ) )
public function getPossibleErrors() {
return array_merge( parent::getPossibleErrors(), array(
array( 'missingparam', 'user' ),
- array( 'sessionfailure' ),
array( 'cantblock' ),
array( 'canthide' ),
array( 'cantblock-email' ),
) );
}
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
}
protected function getExamples() {
* result object.
*/
public function execute() {
- global $wgUser;
+ global $wgUser;
+
$params = $this->extractRequestParams();
$this->requireOnlyOneParameter( $params, 'title', 'pageid' );
if ( count( $retval ) )
$this->dieUsageMsg( reset( $retval ) ); // We don't care about multiple errors, just report one of them
-
+
if ( $params['watch'] || $wgUser->getOption( 'watchdeletion' ) )
$articleObj->doWatch();
else if ( $params['unwatch'] )
// Check permissions
$errors = $title->getUserPermissionsErrors( 'delete', $wgUser );
if ( count( $errors ) > 0 ) return $errors;
-
- // Check token
- if ( !$wgUser->matchEditToken( $token ) )
- return array( array( 'sessionfailure' ) );
+
return array();
}
) );
}
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
}
protected function getExamples() {
$params['undo'] == 0 )
$this->dieUsageMsg( array( 'missingtext' ) );
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
-
$titleObj = Title::newFromText( $params['title'] );
if ( !$titleObj || $titleObj->isExternal() )
$this->dieUsageMsg( array( 'invalidtitle', $params['title'] ) );
return array_merge( parent::getPossibleErrors(), array(
array( 'missingparam', 'title' ),
array( 'missingtext' ),
- array( 'sessionfailure' ),
array( 'invalidtitle', 'title' ),
array( 'createonly-exists' ),
array( 'nocreate-missing' ),
);
}
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
}
protected function getExamples() {
) );
}
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
}
protected function getExamples() {
if ( !$wgUser->isAllowed( 'import' ) )
$this->dieUsageMsg( array( 'cantimport' ) );
$params = $this->extractRequestParams();
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
$source = null;
$isUpload = false;
public function getPossibleErrors() {
return array_merge( parent::getPossibleErrors(), array(
array( 'cantimport' ),
- array( 'sessionfailure' ),
array( 'missingparam', 'interwikipage' ),
array( 'cantimport-upload' ),
array( 'import-unknownerror', 'source' ),
) );
}
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
}
protected function getExamples() {
$this->getResult()->addValue( null, 'requestid', $requestid );
$params = $this->extractRequestParams();
-
+
$this->mShowVersions = $params['version'];
$this->mAction = $params['action'];
$module = new $this->mModules[$this->mAction] ( $this, $this->mAction );
$this->mModule = $module;
+ $moduleParams = $module->extractRequestParams();
+
//Die if token required, but not provided (unless there is a gettoken parameter)
- if ( $module->requiresToken() && !isset( $params['token'] ) && isset( $params['gettoken'] ) )
- $this->dieUsageMsg( array( 'missingparam', 'token' ) );
+ $salt = $module->getTokenSalt();
+ if ( $salt != false )
+ {
+ if ( !isset( $moduleParams['token'] ) && !isset( $moduleParams['gettoken'] ) ) {
+ $this->dieUsageMsg( array( 'missingparam', 'token' ) );
+ } else {
+ global $wgUser;
+ if ( ( $salt != null /*&& !$wgUser->matchEditToken( $moduleParams['token'], $salt )*/ )
+ /*|| !$wgUser->matchEditToken( $moduleParams['token'] )*/ ) {
+ $this->dieUsageMsg( array( 'sessionfailure' ) );
+ }
+ }
+ }
if ( $module->shouldCheckMaxlag() && isset( $params['maxlag'] ) ) {
// Check for maxlag
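Review bot: Both `matchEditToken()` calls in the new `sessionfailure` condition are commented out, so the condition reduces to `$salt != null` and no submitted token is ever compared. The other hunks of this commit delete the per-module `matchEditToken()` checks, so modules returning `null` would carry out state-changing actions with no edit-token (CSRF) verification, while a module returning a string salt always dies with `sessionfailure`. The comparison should be restored here before the per-module checks are removed, using `!== false` and `is_null()` so that a `null` or `'0'` salt is not read as "no token needed". A request that sets only `gettoken` reaches the comparison without a token and will be rejected; whether that path should skip verification depends on module code outside this hunk.

```php
$salt = $module->getTokenSalt();
if ( $salt !== false ) {
	// … unchanged: missingparam/token branch …
	} else {
		global $wgUser;
		// null salt: token is required and compared without a salt
		$tokenOk = is_null( $salt )
			? $wgUser->matchEditToken( $moduleParams['token'] )
			: $wgUser->matchEditToken( $moduleParams['token'], $salt );
		if ( !$tokenOk ) {
			$this->dieUsageMsg( array( 'sessionfailure' ) );
		}
	}
}
```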
$this->requireOnlyOneParameter( $params, 'from', 'fromid' );
if ( !isset( $params['to'] ) )
$this->dieUsageMsg( array( 'missingparam', 'to' ) );
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
if ( isset( $params['from'] ) )
{
public function getPossibleErrors() {
return array_merge( parent::getPossibleErrors(), array(
array( 'missingparam', 'to' ),
- array( 'sessionfailure' ),
array( 'invalidtitle', 'from' ),
array( 'nosuchpageid', 'fromid' ),
array( 'notanarticle' ),
) );
}
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
}
protected function getExamples() {
* Patrols the article or provides the reason the patrol failed.
*/
public function execute() {
- global $wgUser;
$params = $this->extractRequestParams();
if ( !isset( $params['rcid'] ) )
$this->dieUsageMsg( array( 'missingparam', 'rcid' ) );
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
$rc = RecentChange::newFromID( $params['rcid'] );
if ( !$rc instanceof RecentChange )
public function getPossibleErrors() {
return array_merge( parent::getPossibleErrors(), array(
array( 'missingparam', 'rcid' ),
- array( 'sessionfailure' ),
array( 'nosuchrcid', 'rcid' ),
) );
}
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
}
protected function getExamples() {
if ( empty( $params['protections'] ) )
$this->dieUsageMsg( array( 'missingparam', 'protections' ) );
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
-
$titleObj = Title::newFromText( $params['title'] );
if ( !$titleObj )
$this->dieUsageMsg( array( 'invalidtitle', $params['title'] ) );
return array_merge( parent::getPossibleErrors(), array(
array( 'missingparam', 'title' ),
array( 'missingparam', 'protections' ),
- array( 'sessionfailure' ),
array( 'invalidtitle', 'title' ),
array( 'toofewexpiries', 'noofexpiries', 'noofprotections' ),
array( 'create-titleexists' ),
) );
}
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
}
protected function getExamples() {
) );
}
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
}
protected function getExamples() {
$this->dieUsageMsg( array( 'unblock-notarget' ) );
if ( !is_null( $params['id'] ) && !is_null( $params['user'] ) )
$this->dieUsageMsg( array( 'unblock-idanduser' ) );
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
+
if ( !$wgUser->isAllowed( 'block' ) )
$this->dieUsageMsg( array( 'cantunblock' ) );
return array_merge( parent::getPossibleErrors(), array(
array( 'unblock-notarget' ),
array( 'unblock-idanduser' ),
- array( 'sessionfailure' ),
array( 'cantunblock' ),
) );
}
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
}
protected function getExamples() {
if ( $wgUser->isBlocked() )
$this->dieUsageMsg( array( 'blockedtext' ) );
- if ( !$wgUser->matchEditToken( $params['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
-
$titleObj = Title::newFromText( $params['title'] );
if ( !$titleObj )
$this->dieUsageMsg( array( 'invalidtitle', $params['title'] ) );
array( 'missingparam', 'title' ),
array( 'permdenied-undelete' ),
array( 'blockedtext' ),
- array( 'sessionfailure' ),
array( 'invalidtitle', 'title' ),
array( 'cannotundelete' ),
) );
}
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
}
protected function getExamples() {
$this->mParams = $this->extractRequestParams();
$request = $this->getMain()->getRequest();
- // Do token checks:
- if ( !$wgUser->matchEditToken( $this->mParams['token'] ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
-
// Add the uploaded file to the params array
$this->mParams['file'] = $request->getFileName( 'file' );
public function getPossibleErrors() {
return array_merge( parent::getPossibleErrors(), array(
array( 'uploaddisabled' ),
- array( 'sessionfailure' ),
array( 'invalid-session-key' ),
array( 'uploaddisabled' ),
array( 'badaccess-groups' ),
) );
}
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ return null;
}
protected function getExamples() {
}
public function execute() {
- global $wgUser;
$params = $this->extractRequestParams();
- if ( is_null( $params['user'] ) )
- $this->dieUsageMsg( array( 'missingparam', 'user' ) );
-
+
+ //User already validated in call to getTokenSalt from Main
$form = new UserrightsPage;
$user = $form->fetchUser( $params['user'] );
- if ( $user instanceof WikiErrorMsg )
- $this->dieUsageMsg( array_merge(
- (array)$user->getMessageKey(), $user->getMessageArgs() ) );
-
- if ( !$wgUser->matchEditToken( $params['token'], $user->getName() ) )
- $this->dieUsageMsg( array( 'sessionfailure' ) );
$r['user'] = $user->getName();
list( $r['added'], $r['removed'] ) =
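Review bot: `execute()` now uses the result of `fetchUser()` without the `WikiErrorMsg` check and, per the added comment, relies on the main module having called `getTokenSalt()` first. That makes a getter responsible for input validation and for calling `dieUsageMsg()`, so any other caller inherits those side effects; the `getPossibleErrors()` hunk that tests `getTokenSalt()` appears to be one. `fetchUser()` also runs twice per request. Consider keeping `if ( $user instanceof WikiErrorMsg )` in `execute()`, or moving the lookup and validation into one private helper that both methods call. `execute()` continues past the end of this hunk.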
public function getPossibleErrors() {
return array_merge( parent::getPossibleErrors(), array(
array( 'missingparam', 'user' ),
- array( 'sessionfailure' ),
) );
}
- public function requiresToken() {
- return true;
+ public function getTokenSalt() {
+ $params = $this->extractRequestParams();
+ if ( is_null( $params['user'] ) )
+ $this->dieUsageMsg( array( 'missingparam', 'user' ) );
+
+ $form = new UserrightsPage;
+ $user = $form->fetchUser( $params['user'] );
+ if ( $user instanceof WikiErrorMsg )
+ $this->dieUsageMsg( array_merge(
+ (array)$user->getMessageKey(), $user->getMessageArgs() ) );
+
+ return $user->getName();
}
protected function getExamples() {