$pager->getBody() .
$pager->getNavigationBar()
);
+ $wgOut->preventClickjacking( $pager->getPreventClickjacking() );
wfProfileOut( __METHOD__ );
}
class HistoryPager extends ReverseChronologicalPager {
public $lastRow = false, $counter, $historyPage, $title, $buttons, $conds;
protected $oldIdChecked;
+ protected $preventClickjacking = false;
function __construct( $historyPage, $year = '', $month = '', $tagFilter = '', $conds = array() ) {
parent::__construct();
* @return string HTML output
*/
function getStartBody() {
- global $wgScript, $wgUser, $wgOut, $wgContLang;
+ global $wgScript, $wgUser, $wgOut;
$this->lastRow = false;
$this->counter = 1;
$this->oldIdChecked = 0;
$this->buttons = '<div>';
$this->buttons .= $this->submitButton( wfMsg( 'compareselectedversions' ),
array( 'class' => 'historysubmit' )
- + $wgUser->getSkin()->tooltipAndAccessKeyAttribs( 'compareselectedversions' )
+ + Linker::tooltipAndAccesskeyAttribs( 'compareselectedversions' )
) . "\n";
if ( $wgUser->isAllowed( 'deleterevision' ) ) {
- $float = $wgContLang->alignEnd();
- # Note bug #20966, <button> is non-standard in IE<8
- $element = Html::element( 'button',
- array(
- 'type' => 'submit',
- 'name' => 'revisiondelete',
- 'value' => '1',
- 'style' => "float: $float;",
- 'class' => 'mw-history-revisiondelete-button',
- ),
- wfMsg( 'showhideselectedversions' )
- ) . "\n";
- $s .= $element;
- $this->buttons .= $element;
- }
- if ( $wgUser->isAllowed( 'revisionmove' ) ) {
- $float = $wgContLang->alignEnd();
- # Note bug #20966, <button> is non-standard in IE<8
- $element = Html::element( 'button',
- array(
- 'type' => 'submit',
- 'name' => 'revisionmove',
- 'value' => '1',
- 'style' => "float: $float;",
- 'class' => 'mw-history-revisionmove-button',
- ),
- wfMsg( 'revisionmoveselectedversions' )
- ) . "\n";
- $s .= $element;
- $this->buttons .= $element;
+ $s .= $this->getRevisionButton( 'revisiondelete', 'showhideselectedversions' );
}
$this->buttons .= '</div>';
$s .= '</div><ul id="pagehistory">' . "\n";
return $s;
}
+ private function getRevisionButton( $name, $msg ) {
+ $this->preventClickjacking();
+ $float = wfUILang()->alignEnd();
+ # Note bug #20966, <button> is non-standard in IE<8
+ $element = Html::element( 'button',
+ array(
+ 'type' => 'submit',
+ 'name' => $name,
+ 'value' => '1',
+ 'style' => "float: $float;",
+ 'class' => "mw-history-$name-button",
+ ),
+ wfMsg( $msg )
+ ) . "\n";
+ $this->buttons .= $element;
+ return $element;
+ }
+
function getEndBody() {
if ( $this->lastRow ) {
$latest = $this->counter == 1 && $this->mIsFirst;
$del = '';
// Show checkboxes for each revision
- if ( $wgUser->isAllowed( 'deleterevision' ) || $wgUser->isAllowed( 'revisionmove' ) ) {
+ if ( $wgUser->isAllowed( 'deleterevision' ) ) {
+ $this->preventClickjacking();
// If revision was hidden from sysops, disable the checkbox
- // However, if the user has revisionmove rights, we cannot disable the checkbox
- if ( !$rev->userCan( Revision::DELETED_RESTRICTED ) && !$wgUser->isAllowed( 'revisionmove' ) ) {
+ if ( !$rev->userCan( Revision::DELETED_RESTRICTED ) ) {
$del = Xml::check( 'deleterevisions', false, array( 'disabled' => 'disabled' ) );
// Otherwise, enable the checkbox...
} else {
array( 'name' => 'ids[' . $rev->getId() . ']' ) );
}
// User can only view deleted revisions...
- } else if ( $rev->getVisibility() && $wgUser->isAllowed( 'deletedhistory' ) ) {
+ } elseif ( $rev->getVisibility() && $wgUser->isAllowed( 'deletedhistory' ) ) {
// If revision was hidden from sysops, disable the link
if ( !$rev->userCan( Revision::DELETED_RESTRICTED ) ) {
$cdel = $this->getSkin()->revDeleteLinkDisabled( false );
$s .= " $del ";
}
+ $dirmark = wfUILang()->getDirMark();
+
$s .= " $link";
+ $s .= $dirmark;
$s .= " <span class='history-user'>" .
$this->getSkin()->revUserTools( $rev, true ) . "</span>";
+ $s .= $dirmark;
if ( $rev->isMinor() ) {
$s .= ' ' . ChangesList::flag( 'minor' );
# Rollback and undo links
if ( !is_null( $next ) && is_object( $next ) ) {
if ( $latest && $this->title->userCan( 'rollback' ) && $this->title->userCan( 'edit' ) ) {
+ $this->preventClickjacking();
$tools[] = '<span class="mw-rollback-link">' .
$this->getSkin()->buildRollbackLink( $rev ) . '</span>';
}
if ( !$rev->userCan( Revision::DELETED_TEXT ) ) {
$radio['disabled'] = 'disabled';
$checkmark = array(); // We will check the next possible one
- } else if ( !$this->oldIdChecked ) {
+ } elseif ( !$this->oldIdChecked ) {
$checkmark = array( 'checked' => 'checked' );
$this->oldIdChecked = $id;
} else {
return '';
}
}
+
+ /**
+ * This is called if a write operation is possible from the generated HTML
+ */
+ function preventClickjacking( $enable = true ) {
+ $this->preventClickjacking = $enable;
+ }
+
+ /**
+ * Get the "prevent clickjacking" flag
+ */
+ function getPreventClickjacking() {
+ return $this->preventClickjacking;
+ }
}
/**
dépôts / lhc / web / wiklou.git / blobdiff