<?php
/**
* Provide an administration interface
- * DO NOT USE: INSECURE.
* @package MediaWiki
* @subpackage SpecialPage
*/
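Review bot: Removing `DO NOT USE: INSECURE.` from the file header asserts more than the visible changes establish: the only hardening shown is `htmlspecialchars()` on the group name and description further down, before they are written into the edit form. `{$this->action}` still goes into the `action` attribute as-is, which is fine only if it is already escaped where it is assigned (not visible here). The visible part of the form carries no edit token field and the checks in saveGroup() are outside this view, so request-forgery protection and the rights check on save cannot be confirmed from this page. Until they are, I would narrow the warning rather than delete it, e.g. `* @todo Confirm token and permission checks on save; output escaping fixed for name/description only.`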
global $wgUser;
$this->mPosted = $request->wasPosted();
- $this->mRequest = $request;
+ $this->mRequest =& $request;
$this->mName = 'groups';
$this->mNewName = trim( $request->getText('editgroup-name') );
}
/**
- * Manage forms to be shown according to posted datas.
- * Depending on the submit button used : Call a form or a saving function.
+ * Manage forms to be shown according to posted data
+ * Depending on the submit button used, call a form or a saving function.
*/
function execute() {
global $wgOut;
/**
* Save a group
- * @todo FIXME : Log is incorrect.
*/
function saveGroup() {
global $wgOut;
}
// Create a new group
- $g = new group();
+ $g = new Group();
$g->addToDatabase();
} else {
$add = false;
$g = Group::newFromID($groupID);
$fieldname = 'editgroup';
} else {
- // default datas when we add a group
- $g = new group();
+ // default data when we add a group
+ $g = new Group();
$fieldname = 'addgroup';
}
- $gName = $g->getName();
- $gDescription = $g->getDescription();
+ $gName = htmlspecialchars( $g->getName() );
+ $gDescription = htmlspecialchars( $g->getDescription() );
- $wgOut->addHTML( "<form name=\"editGroup\" action=\"$this->action\" method=\"post\">\n".
+ $wgOut->addHTML( "<form name=\"editGroup\" action=\"{$this->action}\" method=\"post\">\n".
'<input type="hidden" name="editgroup-oldname" value="'.$gName."\" />\n" );
$wgOut->addHTML( $this->fieldset( $fieldname,