X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=includes%2Fspecialpage%2FFormSpecialPage.php;h=81a0036e836c9711df47ef1b33831f4e794687df;hb=bfc4e41636aca33b943f8522024bd9f8eeac1977;hp=c28c4569655826f7cc4ec503c4d0a8b2c298df08;hpb=a5be382adfdad4678eec18413c6a118cb3284daf;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/specialpage/FormSpecialPage.php b/includes/specialpage/FormSpecialPage.php index c28c456965..81a0036e83 100644 --- a/includes/specialpage/FormSpecialPage.php +++ b/includes/specialpage/FormSpecialPage.php @@ -35,6 +35,12 @@ abstract class FormSpecialPage extends SpecialPage { */ protected $par = null; + /** + * @var array|null POST data preserved across re-authentication + * @since 1.32 + */ + protected $reauthPostData = null; + /** * Get an HTMLForm descriptor array * @return array @@ -89,13 +95,31 @@ abstract class FormSpecialPage extends SpecialPage { * @return HTMLForm|null */ protected function getForm() { + $context = $this->getContext(); + $onSubmit = [ $this, 'onSubmit' ]; + + if ( $this->reauthPostData ) { + // Restore POST data + $context = new DerivativeContext( $context ); + $oldRequest = $this->getRequest(); + $context->setRequest( new DerivativeRequest( + $oldRequest, $this->reauthPostData + $oldRequest->getQueryValues(), true + ) ); + + // But don't treat it as a "real" submission just in case of some + // crazy kind of CSRF. + $onSubmit = function () { + return false; + }; + } + $form = HTMLForm::factory( $this->getDisplayFormat(), $this->getFormFields(), - $this->getContext(), + $context, $this->getMessagePrefix() ); - $form->setSubmitCallback( [ $this, 'onSubmit' ] ); + $form->setSubmitCallback( $onSubmit ); if ( $this->getDisplayFormat() !== 'ooui' ) { // No legend and wrapper by default in OOUI forms, but can be set manually // from alterForm() 
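Review bot: The restore branch in getForm() is gated on `if ( $this->reauthPostData )`, which also skips the branch for an empty array; `if ( $this->reauthPostData !== null )` states the intent exactly and keeps the real `onSubmit` callback from being used whenever preserved data was set. The comment above the no-op closure should say what it protects against. The derived request is built from data saved before re-authentication and is marked as posted, so without the stub HTMLForm could run onSubmit() with no fresh action from the user. A comment such as `// The restored request only pre-fills the form; the user has to submit it again.` would cover this. The restored values are user-supplied and are rendered back into the fields, so they rely on the usual HTMLForm escaping, which is presumably in place but not visible here. getForm() continues past the end of this hunk.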
@@ -107,14 +131,15 @@ abstract class FormSpecialPage extends SpecialPage { $form->addHeaderText( $headerMsg->parseAsBlock() ); } - // Retain query parameters (uselang etc) - $params = array_diff_key( - $this->getRequest()->getQueryValues(), [ 'title' => null ] ); - $form->addHiddenField( 'redirectparams', wfArrayToCgi( $params ) ); - $form->addPreText( $this->preText() ); $form->addPostText( $this->postText() ); $this->alterForm( $form ); + if ( $form->getMethod() == 'post' ) { + // Retain query parameters (uselang etc) on POST requests + $params = array_diff_key( + $this->getRequest()->getQueryValues(), [ 'title' => null ] ); + $form->addHiddenField( 'redirectparams', wfArrayToCgi( $params ) ); + } // Give hooks a chance to alter the form, adding extra fields or text etc Hooks::run( 'SpecialPageBeforeFormDisplay', [ $this->getName(), &$form ] ); @@ -150,6 +175,11 @@ abstract class FormSpecialPage extends SpecialPage { // This will throw exceptions if there's a problem $this->checkExecutePermissions( $this->getUser() ); + $securityLevel = $this->getLoginSecurityLevel(); + if ( $securityLevel !== false && !$this->checkLoginSecurityLevel( $securityLevel ) ) { + return; + } + $form = $this->getForm(); if ( $form->show() ) { $this->onSuccess(); @@ -198,4 +228,14 @@ abstract class FormSpecialPage extends SpecialPage { public function requiresUnblock() { return true; } + + /** + * Preserve POST data across reauthentication + * + * @since 1.32 + * @param array $data + */ + protected function setReauthPostData( array $data ) { + $this->reauthPostData = $data; + } }
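Review bot: The new guard compares with `==`; `$form->getMethod() === 'post'` avoids the loose comparison. The check runs after alterForm() but before the SpecialPageBeforeFormDisplay hook on the following lines, so a hook handler that changes the form method would leave `redirectparams` out of step with the final method. A one-line comment stating that the method is expected to be final once alterForm() has run would document that assumption. getForm() starts and ends outside this hunk.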
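Review bot: The early `return;` after checkLoginSecurityLevel() leaves execute() without output and without a comment saying why. From this hunk alone a reader cannot tell that a false result presumably means the user has already been redirected to re-authenticate. Suggest `// false: a reauthentication redirect was issued, so render nothing` above the `return;`. The method docblock could also note that a subclass overriding execute() skips this check unless it calls the parent or repeats the check itself. execute() begins and ends outside the hunk.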
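Review bot: The docblock for setReauthPostData() does not say where `$data` comes from or how far it can be trusted. It is request data saved before the re-authentication step; the caller and the storage are not in this diff. The `@param array $data` line should describe it as user-supplied POST values that only pre-fill the form, are never submitted automatically, and may include sensitive fields. The same sentence would fit the `$reauthPostData` property docblock added in the first hunk.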