From 6f74142d46505e58d01cded621a83c0c24ce5a35 Mon Sep 17 00:00:00 2001
From: Alexandre Emsenhuber
Date: Fri, 4 Nov 2011 16:40:00 +0000
Subject: [PATCH] And while I'm at it, move token check to onView() so that if action=markpatrolled is called without parameters, the user will see 'markedaspatrollederror' error and not 'sessionfailure'
---
 includes/actions/MarkpatrolledAction.php | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/includes/actions/MarkpatrolledAction.php b/includes/actions/MarkpatrolledAction.php
index c1f6fdc40d..b4d41f16c7 100644
--- a/includes/actions/MarkpatrolledAction.php
+++ b/includes/actions/MarkpatrolledAction.php
@@ -36,22 +36,21 @@ class MarkpatrolledAction extends FormlessAction {
 return '';
 }
 
- protected function checkCanExecute( User $user ) {
- if ( !$user->matchEditToken( $this->getRequest()->getVal( 'token' ), $this->getRequest()->getInt( 'rcid' ) ) ) {
- throw new ErrorPageError( 'sessionfailure-title', 'sessionfailure' );
- }
-
- return parent::checkCanExecute( $user );
- }
-
 public function onView() {
- $rc = RecentChange::newFromId( $this->getRequest()->getInt( 'rcid' ) );
+ $request = $this->getRequest();
+ $rcId = $request->getInt( 'rcid' );
+ $rc = RecentChange::newFromId( $rcId );
 
 if ( is_null( $rc ) ) {
 throw new ErrorPageError( 'markedaspatrollederror', 'markedaspatrollederrortext' );
 }
 
- $errors = $rc->doMarkPatrolled( $this->getUser() );
+ $user = $this->getUser();
+ if ( !$user->matchEditToken( $request->getVal( 'token' ), $rcId ) ) {
+ throw new ErrorPageError( 'sessionfailure-title', 'sessionfailure' );
+ }
+
+ $errors = $rc->doMarkPatrolled( $user );
 
 if ( in_array( array( 'rcpatroldisabled' ), $errors ) ) {
 throw new ErrorPageError( 'rcpatroldisabled', 'rcpatroldisabledtext' );
-- 
2.20.1
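Review bot: With the `matchEditToken()` call moved out of `checkCanExecute()` and into the middle of `onView()`, the CSRF guard for this state-changing action now depends only on statement order. Nothing marks that it has to stay ahead of `$rc->doMarkPatrolled( $user )`, so a later refactor that reorders or hoists the patrol call would silently drop the protection. I would add a comment directly above the check, e.g. `// CSRF guard: must run before doMarkPatrolled(); the token is salted with the rcid`, and a regression test asserting that a valid rcid with a missing or wrong token leaves the change unpatrolled. Because `RecentChange::newFromId( $rcId )` now runs before the token check, a tokenless request also gets a different error for an existing rcid than for a non-existing one; that is presumably acceptable if rcids are not treated as secret, but it is worth recording as a deliberate trade-off. `onView()` continues past the end of the hunk, so whether anything else in it changes state is not visible here.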