* (bug 6618) Improve permissions/error detection in Special:Lockdb
[lhc/web/wiklou.git] / includes / SpecialLockdb.php
1 <?php
2 /**
3 *
4 * @package MediaWiki
5 * @subpackage SpecialPage
6 */
7
/**
 * Entry point for Special:Lockdb.
 *
 * Checks run in this order: the 'siteadmin' right, writability of the
 * directory that holds $wgReadOnlyFile, then dispatch on the 'action'
 * request value.
 *
 * The lock is only written for action=submit when the request was POSTed
 * and wpEditToken matches the user's edit token; any other request falls
 * through to the empty form.
 *
 * action=success is reachable without a POST or token. It only renders
 * the success messages and does not confirm that the lock file exists,
 * so the page alone is not evidence that the wiki is locked.
 */
function wfSpecialLockdb() {
	global $wgUser, $wgOut, $wgRequest, $wgReadOnlyFile;

	# Authorisation comes first: nothing below runs without 'siteadmin'
	if ( !$wgUser->isAllowed( 'siteadmin' ) ) {
		$wgOut->permissionRequired( 'siteadmin' );
		return;
	}

	# Early hint only: this tests the directory, not the lock file itself.
	# DBLockForm::doSubmit() still checks the fopen() result.
	$lockDir = dirname( $wgReadOnlyFile );
	if ( !is_writable( $lockDir ) ) {
		DBLockForm::notWritable();
		return;
	}

	$action = $wgRequest->getVal( 'action' );
	$form = new DBLockForm();

	if ( $action == 'success' ) {
		$form->showSuccess();
		return;
	}

	# State change requires all three: submit action, POST, valid edit token
	$isConfirmedPost = $action == 'submit'
		&& $wgRequest->wasPosted()
		&& $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) );

	if ( $isConfirmedPost ) {
		$form->doSubmit();
		return;
	}

	$form->showForm( '' );
}
38
/**
 * Form object behind Special:Lockdb: renders the lock form, writes the
 * lock file named by $wgReadOnlyFile and shows the success or error page.
 *
 * None of the methods re-check permissions or the edit token; in this file
 * that is done by wfSpecialLockdb() before it calls them.
 *
 * @package MediaWiki
 * @subpackage SpecialPage
 */
class DBLockForm {
	# Lock reason as submitted in the 'wpLockReason' request field
	var $reason = '';

	/**
	 * Reads the submitted lock reason from the current request.
	 */
	function DBLockForm() {
		global $wgRequest;

		$this->reason = $wgRequest->getText( 'wpLockReason' );
	}

	/**
	 * Outputs the lock form, preceded by an error paragraph when $err is
	 * not empty.
	 *
	 * Every value interpolated into the markup goes through
	 * htmlspecialchars() or Title::escapeLocalURL() first. The hidden
	 * wpEditToken field carries the token that wfSpecialLockdb() verifies
	 * with matchEditToken() on submit.
	 *
	 * The textarea is always emitted empty, so a previously entered reason
	 * is not shown again after an error.
	 *
	 * @param string $err Error text; HTML-escaped before output
	 */
	function showForm( $err ) {
		global $wgOut, $wgUser;

		$wgOut->setPagetitle( wfMsg( 'lockdb' ) );
		$wgOut->addWikiText( wfMsg( 'lockdbtext' ) );

		if ( $err != "" ) {
			$wgOut->setSubtitle( wfMsg( 'formerror' ) );
			$escapedErr = htmlspecialchars( $err );
			$wgOut->addHTML( '<p class="error">' . $escapedErr . "</p>\n" );
		}

		# Interface messages are escaped here, before they enter the markup
		$lc = htmlspecialchars( wfMsg( 'lockconfirm' ) );
		$lb = htmlspecialchars( wfMsg( 'lockbtn' ) );
		$elr = htmlspecialchars( wfMsg( 'enterlockreason' ) );

		$action = Title::makeTitle( NS_SPECIAL, 'Lockdb' )->escapeLocalURL( 'action=submit' );
		$token = htmlspecialchars( $wgUser->editToken() );

		$wgOut->addHTML( <<<END
<form id="lockdb" method="post" action="{$action}">
{$elr}:
<textarea name="wpLockReason" rows="10" cols="60" wrap="virtual"></textarea>
<table border="0">
<tr>
<td align="right">
<input type="checkbox" name="wpLockConfirm" />
</td>
<td align="left">{$lc}</td>
</tr>
<tr>
<td>&nbsp;</td>
<td align="left">
<input type="submit" name="wpLock" value="{$lb}" />
</td>
</tr>
</table>
<input type="hidden" name="wpEditToken" value="{$token}" />
</form>
END
		);
	}

	/**
	 * Writes the lock file and redirects to the success view.
	 *
	 * Requires the wpLockConfirm checkbox; otherwise the form is shown
	 * again with the 'locknoconfirm' message.
	 *
	 * NOTE(review): the reason is written to the file exactly as submitted,
	 * followed by a literal "<p>" line with the user name and timestamp.
	 * Whatever later displays the file contents has to treat them
	 * accordingly; that code is not in this file.
	 *
	 * NOTE(review): the fwrite() results are not checked, so a short or
	 * failed write after a successful fopen() still redirects to
	 * action=success.
	 */
	function doSubmit() {
		global $wgOut, $wgUser, $wgLang, $wgRequest, $wgReadOnlyFile;

		$confirmed = $wgRequest->getCheck( 'wpLockConfirm' );
		if ( !$confirmed ) {
			$this->showForm( wfMsg( 'locknoconfirm' ) );
			return;
		}

		# '@' hides the PHP warning; failure is reported via the error page below
		$fp = @fopen( $wgReadOnlyFile, 'w' );
		if ( $fp === false ) {
			# This used to show a file not found error, but the likeliest reason for fopen()
			# to fail at this point is insufficient permission to write to the file...good old
			# is_writable() is plain wrong in some cases, it seems...
			$this->notWritable();
			return;
		}

		fwrite( $fp, $this->reason );

		# Attribution line: who locked the database, and when
		$who = $wgUser->getName();
		$when = $wgLang->timeanddate( wfTimestampNow() );
		fwrite( $fp, "\n<p>(by " . $who . " at " . $when . ")\n" );
		fclose( $fp );

		$successUrl = Title::makeTitle( NS_SPECIAL, 'Lockdb' )->getFullURL( 'action=success' );
		$wgOut->redirect( $successUrl );
	}

	/**
	 * Renders the "database locked" confirmation messages. It does not
	 * itself check that the lock file is present.
	 */
	function showSuccess() {
		global $wgOut;

		$wgOut->setPagetitle( wfMsg( 'lockdb' ) );
		$wgOut->setSubtitle( wfMsg( 'lockdbsuccesssub' ) );
		$wgOut->addWikiText( wfMsg( 'lockdbsuccesstext' ) );
	}

	/**
	 * Shows the 'lockfilenotwritable' error page. Does not use $this;
	 * wfSpecialLockdb() calls it as DBLockForm::notWritable().
	 */
	function notWritable() {
		global $wgOut;

		$wgOut->errorPage( 'lockdb', 'lockfilenotwritable' );
	}

}
134
135 ?>