X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=includes%2Fhtmlform%2FHTMLForm.php;h=a7acd8b988eb65bceae27810c3f195f6ccceae3c;hb=71e4493c864e4f14f1c850c710be017a7198fd2b;hp=e891c9c83260005c5c84fc6c51c3483bbb5be2e1;hpb=f826f2f5f6facdce2c92dcb9e70bb0cf20ff9db0;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/htmlform/HTMLForm.php b/includes/htmlform/HTMLForm.php
index e891c9c832..a7acd8b988 100644
--- a/includes/htmlform/HTMLForm.php
+++ b/includes/htmlform/HTMLForm.php
@@ -71,6 +71,11 @@
  *    'help-messages'       -- array of message keys/objects. As above, each item can
  *                             be an array of msg key and then parameters.
  *                             Overwrites 'help'.
+ *    'notice'              -- message text for a message to use as a notice in the field.
+ *                             Currently used by OOUI form fields only.
+ *    'notice-messages'     -- array of message keys/objects to use for notice.
+ *                             Overrides 'notice'.
+ *    'notice-message'      -- message key or object to use as a notice.
  *    'required'            -- passed through to the object, indicating that it
  *                             is a required field.
  *    'size'                -- the length of text fields
@@ -169,6 +174,8 @@ class HTMLForm extends ContextSource {
 	protected $mShowReset = false;
 	protected $mShowSubmit = true;
 	protected $mSubmitFlags = [ 'constructive', 'primary' ];
+	protected $mShowCancel = false;
+	protected $mCancelTarget;
 
 	protected $mSubmitCallback;
 	protected $mValidationErrorMessage;
@@ -188,6 +195,7 @@ class HTMLForm extends ContextSource {
 	protected $mSubmitText;
 	protected $mSubmitTooltip;
 
+	protected $mFormIdentifier;
 	protected $mTitle;
 	protected $mMethod = 'post';
 	protected $mWasSubmitted = false;
@@ -478,7 +486,14 @@ class HTMLForm extends ContextSource {
 		}
 
 		# Load data from the request.
-		$this->loadData();
+		if (
+			$this->mFormIdentifier === null ||
+			$this->getRequest()->getVal( 'wpFormIdentifier' ) === $this->mFormIdentifier
+		) {
+			$this->loadData();
+		} else {
+			$this->mFieldData = [];
+		}
 
 		return $this;
 	}
@@ -490,22 +505,29 @@ class HTMLForm extends ContextSource {
 	public function tryAuthorizedSubmit() {
 		$result = false;
 
-		$submit = false;
+		$identOkay = false;
+		if ( $this->mFormIdentifier === null ) {
+			$identOkay = true;
+		} else {
+			$identOkay = $this->getRequest()->getVal( 'wpFormIdentifier' ) === $this->mFormIdentifier;
+		}
+
+		$tokenOkay = false;
 		if ( $this->getMethod() !== 'post' ) {
-			$submit = true; // no session check needed
+			$tokenOkay = true; // no session check needed
 		} elseif ( $this->getRequest()->wasPosted() ) {
 			$editToken = $this->getRequest()->getVal( 'wpEditToken' );
 			if ( $this->getUser()->isLoggedIn() || $editToken !== null ) {
 				// Session tokens for logged-out users have no security value.
 				// However, if the user gave one, check it in order to give a nice
 				// "session expired" error instead of "permission denied" or such.
-				$submit = $this->getUser()->matchEditToken( $editToken, $this->mTokenSalt );
+				$tokenOkay = $this->getUser()->matchEditToken( $editToken, $this->mTokenSalt );
 			} else {
-				$submit = true;
+				$tokenOkay = true;
 			}
 		}
 
-		if ( $submit ) {
+		if ( $tokenOkay && $identOkay ) {
 			$this->mWasSubmitted = true;
 			$result = $this->trySubmit();
 		}
@@ -894,6 +916,7 @@ class HTMLForm extends ContextSource {
 	 *  - id: (string, optional) DOM id for the button.
 	 *  - attribs: (array, optional) Additional HTML attributes.
 	 *  - flags: (string|string[], optional) OOUI flags.
+	 *  - framed: (boolean=true, optional) OOUI framed attribute.
 	 * @return HTMLForm $this for chaining calls (since 1.20)
 	 */
 	public function addButton( $data ) {
@@ -922,6 +945,7 @@ class HTMLForm extends ContextSource {
 			'id' => null,
 			'attribs' => null,
 			'flags' => null,
+			'framed' => true,
 		];
 
 		return $this;
@@ -1038,6 +1062,12 @@ class HTMLForm extends ContextSource {
 	 */
 	public function getHiddenFields() {
 		$html = '';
+		if ( $this->mFormIdentifier !== null ) {
+			$html .= Html::hidden(
+				'wpFormIdentifier',
+				$this->mFormIdentifier
+			) . "\n";
+		}
 		if ( $this->getMethod() === 'post' ) {
 			$html .= Html::hidden(
 				'wpEditToken',
@@ -1106,6 +1136,21 @@ class HTMLForm extends ContextSource {
 			) . "\n";
 		}
 
+		if ( $this->mShowCancel ) {
+			$target = $this->mCancelTarget ?: Title::newMainPage();
+			if ( $target instanceof Title ) {
+				$target = $target->getLocalURL();
+			}
+			$buttons .= Html::element(
+					'a',
+					[
+						'class' => $useMediaWikiUIEverywhere ? 'mw-ui-button' : null,
+						'href' => $target,
+					],
+					$this->msg( 'cancel' )->text()
+				) . "\n";
+		}
+
 		// IE<8 has bugs with <button>, so we'll need to avoid them.
 		$isBadIE = preg_match( '/MSIE [1-7]\./i', $this->getRequest()->getHeader( 'User-Agent' ) );
 
@@ -1308,6 +1353,27 @@ class HTMLForm extends ContextSource {
 		return $this;
 	}
 
+	/**
+	 * Set an internal identifier for this form. It will be submitted as a hidden form field, allowing
+	 * HTMLForm to determine whether the form was submitted (or merely viewed). Setting this serves
+	 * two purposes:
+	 *
+	 * - If you use two or more forms on one page, it allows HTMLForm to identify which of the forms
+	 *   was submitted, and not attempt to validate the other ones.
+	 * - If you use checkbox or multiselect fields inside a form using the GET method, it allows
+	 *   HTMLForm to distinguish between the initial page view and a form submission with all
+	 *   checkboxes or select options unchecked.
+	 *
+	 * @since 1.28
+	 * @param string $ident
+	 * @return $this
+	 */
+	public function setFormIdentifier( $ident ) {
+		$this->mFormIdentifier = $ident;
+
+		return $this;
+	}
+
 	/**
 	 * Stop a default submit button being shown for this form. This implies that an
 	 * alternate submit method must be provided manually.
@@ -1324,6 +1390,28 @@ class HTMLForm extends ContextSource {
 		return $this;
 	}
 
+	/**
+	 * Show a cancel button (or prevent it). The button is not shown by default.
+	 * @param bool $show
+	 * @return HTMLForm $this for chaining calls
+	 * @since 1.27
+	 */
+	public function showCancel( $show = true ) {
+		$this->mShowCancel = $show;
+		return $this;
+	}
+
+	/**
+	 * Sets the target where the user is redirected to after clicking cancel.
+	 * @param Title|string $target Target as a Title object or an URL
+	 * @return HTMLForm $this for chaining calls
+	 * @since 1.27
+	 */
+	public function setCancelTarget( $target ) {
+		$this->mCancelTarget = $target;
+		return $this;
+	}
+
 	/**
 	 * Set the id of the \<table\> or outermost \<div\> element.
 	 *