Revert "RollbackAction: Implement AJAX interface and require POST"

This partially reverts commit 9af38c046c.

* The new JS modules continue to exist. While not used by default,
  the mediawiki.api.rollback may be used elsewhere by now.
  The mediawiki.page.rollback module may still be used on cached
  pages and should continue to work.

* The new API behaviour remains.

* To avoid breaking mid-air rollbacks again, the token remains
  the same (plain "rollback" salt). We're not re-introducing the
  web-specific salt again.

Bug: T136375
Change-Id: Iba17ce55ff9506e838bfc6e70ca280e5a20b77b6

diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28
index 518ace4..d57c8ba 100644 (file)
--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -13,7 +13,6 @@ production.
 === New features in 1.28 ===
 * User::isBot() method for checking if an account is a bot role account.
 * Added a new hook, 'UserIsBot', to aid in determining if a user is a bot.
-* (T88044) Implemented one-click rollback handling via AJAX.
 
 === External library changes in 1.28 ===
 

diff --git a/includes/Linker.php b/includes/Linker.php
index 71cb4e4..0b2d3a7 100644 (file)
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -1756,8 +1756,6 @@ class Linker {
         *
         * If the option noBrackets is set the rollback link wont be enclosed in "[]".
         *
-        * See the "mediawiki.page.rollback" module for the client-side handling of this link.
-        *
         * @since 1.16.3. $context added in 1.20. $options added in 1.21
         *
         * @param Revision $rev
@@ -1786,8 +1784,6 @@ class Linker {
                        $inner = $context->msg( 'brackets' )->rawParams( $inner )->escaped();
                }
 
-               $context->getOutput()->addModules( 'mediawiki.page.rollback' );
-
                return '<span class="mw-rollback-link">' . $inner . '</span>';
        }
 
@@ -1882,6 +1878,7 @@ class Linker {
                $query = [
                        'action' => 'rollback',
                        'from' => $rev->getUserText(),
+                       'token' => $context->getUser()->getEditToken( 'rollback' ),
                ];
                $attrs = [
                        'data-mw' => 'interface',

diff --git a/includes/actions/RollbackAction.php b/includes/actions/RollbackAction.php
index e32582e..65159f2 100644 (file)
--- a/includes/actions/RollbackAction.php
+++ b/includes/actions/RollbackAction.php
@@ -25,7 +25,7 @@
  *
  * @ingroup Actions
  */
-class RollbackAction extends FormAction {
+class RollbackAction extends FormlessAction {
 
        public function getName() {
                return 'rollback';
@@ -35,37 +35,20 @@ class RollbackAction extends FormAction {
                return 'rollback';
        }
 
-       protected function preText() {
-               return $this->msg( 'confirm-rollback-top' )->parse();
-       }
-
-       protected function alterForm( HTMLForm $form ) {
-               $form->setSubmitTextMsg( 'confirm-rollback-button' );
-               $form->setTokenSalt( 'rollback' );
-
-               // Copy parameters from GET to confirmation form
-               $from = $this->getRequest()->getVal( 'from' );
-               if ( $from === null ) {
-                       throw new BadRequestError( 'rollbackfailed', 'rollback-missingparam' );
-               }
-               foreach ( [ 'from', 'bot', 'hidediff', 'summary' ] as $param ) {
-                       $val = $this->getRequest()->getVal( $param );
-                       if ( $val !== null ) {
-                               $form->addHiddenField( $param, $val );
-                       }
-               }
-       }
+       /**
+        * Temporarily unused message keys due to T88044/T136375:
+        * - confirm-rollback-top
+        * - confirm-rollback-button
+        * - rollbackfailed
+        * - rollback-missingparam
+        */
 
        /**
-        * This must return true so that HTMLForm::show() will not display the form again after
-        * submission. For rollback, display either the form or the result (success/error)
-        * not both.
-        *
-        * @return bool
         * @throws ErrorPageError
         */
-       public function onSubmit( $data ) {
-               $this->useTransactionalTimeLimit();
+       public function onView() {
+               // TODO: use $this->useTransactionalTimeLimit(); when POST only
+               wfTransactionalTimeLimit();
 
                $request = $this->getRequest();
                $user = $this->getUser();
@@ -86,8 +69,7 @@ class RollbackAction extends FormAction {
                $errors = $this->page->doRollback(
                        $from,
                        $request->getText( 'summary' ),
-                       // Provided by HTMLForm
-                       $request->getVal( 'wpEditToken' ),
+                       $request->getVal( 'token' ),
                        $request->getBool( 'bot' ),
                        $data,
                        $this->getUser()
@@ -163,11 +145,6 @@ class RollbackAction extends FormAction {
                return true;
        }
 
-       public function onSuccess() {
-               // Required by parent class, but redundant because onSubmit already shows
-               // the success message when needed.
-       }
-
        protected function getDescription() {
                return '';
        }