if( $wgRequest->wasPosted() && $wgRequest->getVal( 'action' ) == 'submit') {
$isUpload = false;
$namespace = $wgRequest->getIntOrNull( 'namespace' );
+ $sourceName = $wgRequest->getVal( "source" );
- switch( $wgRequest->getVal( "source" ) ) {
- case "upload":
+ if ( !$wgUser->matchEditToken( $wgRequest->getVal( 'editToken' ) ) ) {
+ $source = new WikiErrorMsg( 'import-token-mismatch' );
+ } elseif ( $sourceName == 'upload' ) {
$isUpload = true;
if( $wgUser->isAllowed( 'importupload' ) ) {
$source = ImportStreamSource::newFromUpload( "xmlimport" );
} else {
return $wgOut->permissionRequired( 'importupload' );
}
- break;
- case "interwiki":
+ } elseif ( $sourceName == "interwiki" ) {
$interwiki = $wgRequest->getVal( 'interwiki' );
- $history = $wgRequest->getCheck( 'interwikiHistory' );
- $frompage = $wgRequest->getText( "frompage" );
- $source = ImportStreamSource::newFromInterwiki(
- $interwiki,
- $frompage,
- $history );
- break;
- default:
+ if ( !in_array( $interwiki, $wgImportSources ) ) {
+ $source = new WikiErrorMsg( "import-invalid-interwiki" );
+ } else {
+ $history = $wgRequest->getCheck( 'interwikiHistory' );
+ $frompage = $wgRequest->getText( "frompage" );
+ $source = ImportStreamSource::newFromInterwiki(
+ $interwiki,
+ $frompage,
+ $history );
+ }
+ } else {
$source = new WikiErrorMsg( "importunknownsource" );
}
Xml::hidden( 'action', 'submit' ) .
Xml::hidden( 'source', 'upload' ) .
Xml::input( 'xmlimport', 50, '', array( 'type' => 'file' ) ) . ' ' .
+ Xml::hidden( 'editToken', $wgUser->editToken() ) .
Xml::submitButton( wfMsg( 'uploadbtn' ) ) .
Xml::closeElement( 'form' ) .
Xml::closeElement( 'fieldset' )
wfMsgExt( 'import-interwiki-text', array( 'parse' ) ) .
Xml::hidden( 'action', 'submit' ) .
Xml::hidden( 'source', 'interwiki' ) .
+ Xml::hidden( 'editToken', $wgUser->editToken() ) .
Xml::openElement( 'table', array( 'id' => 'mw-import-table' ) ) .
"<tr>
<td>" .
'import-nonewrevisions' => 'All revisions were previously imported.',
'xml-error-string' => '$1 at line $2, col $3 (byte $4): $5',
'import-upload' => 'Upload XML data',
+'import-token-mismatch' => 'Loss of session data. Please try again.',
+'import-invalid-interwiki' => 'Cannot import from the specified wiki.',
# Import log
'importlogpage' => 'Import log',