<?php
/**
*
+ * @addtogroup SpecialPage
*/
/**
* Constructor
*/
-function wfSpecialLockdb()
-{
+function wfSpecialLockdb() {
global $wgUser, $wgOut, $wgRequest;
- if ( ! $wgUser->isDeveloper() ) {
- $wgOut->developerRequired();
+ if( !$wgUser->isAllowed( 'siteadmin' ) ) {
+ $wgOut->permissionRequired( 'siteadmin' );
return;
}
- $action = $wgRequest->getText( 'action' );
+
+ # If the lock file isn't writable, we can do sweet bugger all
+ global $wgReadOnlyFile;
+ if( !is_writable( dirname( $wgReadOnlyFile ) ) ) {
+ DBLockForm::notWritable();
+ return;
+ }
+
+ $action = $wgRequest->getVal( 'action' );
$f = new DBLockForm();
- if ( "success" == $action ) { $f->showSuccess(); }
- else if ( "submit" == $action && $wgRequest->wasPosted() ) { $f->doSubmit(); }
- else { $f->showForm( "" ); }
+ if ( 'success' == $action ) {
+ $f->showSuccess();
+ } else if ( 'submit' == $action && $wgRequest->wasPosted() &&
+ $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
+ $f->doSubmit();
+ } else {
+ $f->showForm( '' );
+ }
}
/**
- *
+ * A form to make the database readonly (eg for maintenance purposes).
+ * @addtogroup SpecialPage
*/
class DBLockForm {
var $reason = '';
-
+
function DBLockForm() {
global $wgRequest;
$this->reason = $wgRequest->getText( 'wpLockReason' );
}
-
- function showForm( $err )
- {
- global $wgOut, $wgUser, $wgLang;
- $wgOut->setPagetitle( wfMsg( "lockdb" ) );
- $wgOut->addWikiText( wfMsg( "lockdbtext" ) );
+ function showForm( $err ) {
+ global $wgOut, $wgUser;
+
+ $wgOut->setPagetitle( wfMsg( 'lockdb' ) );
+ $wgOut->addWikiText( wfMsg( 'lockdbtext' ) );
if ( "" != $err ) {
- $wgOut->setSubtitle( wfMsg( "formerror" ) );
- $wgOut->addHTML( "<p><font color='red' size='+1'>{$err}</font>\n" );
+ $wgOut->setSubtitle( wfMsg( 'formerror' ) );
+ $wgOut->addHTML( '<p class="error">' . htmlspecialchars( $err ) . "</p>\n" );
}
- $lc = wfMsg( "lockconfirm" );
- $lb = wfMsg( "lockbtn" );
- $elr = wfMsg( "enterlockreason" );
- $titleObj = Title::makeTitle( NS_SPECIAL, "Lockdb" );
- $action = $titleObj->escapeLocalURL( "action=submit" );
-
- $wgOut->addHTML( "<p>
-<form id=\"lockdb\" method=\"post\" action=\"{$action}\">
+ $lc = htmlspecialchars( wfMsg( 'lockconfirm' ) );
+ $lb = htmlspecialchars( wfMsg( 'lockbtn' ) );
+ $elr = htmlspecialchars( wfMsg( 'enterlockreason' ) );
+ $titleObj = SpecialPage::getTitleFor( 'Lockdb' );
+ $action = $titleObj->escapeLocalURL( 'action=submit' );
+ $reason = htmlspecialchars( $this->reason );
+ $token = htmlspecialchars( $wgUser->editToken() );
+
+ $wgOut->addHTML( <<<END
+<form id="lockdb" method="post" action="{$action}">
{$elr}:
-<textarea name=\"wpLockReason\" rows=10 cols=60 wrap=virtual>
-</textarea>
-<table border=0><tr>
-<td align=right>
-<input type=checkbox name=\"wpLockConfirm\">
-</td>
-<td align=left>{$lc}<td>
-</tr><tr>
-<td> </td><td align=left>
-<input type=submit name=\"wpLock\" value=\"{$lb}\">
-</td></tr></table>
-</form>\n" );
+<textarea name="wpLockReason" rows="10" cols="60" wrap="virtual">{$reason}</textarea>
+<table border="0">
+ <tr>
+ <td align="right">
+ <input type="checkbox" name="wpLockConfirm" />
+ </td>
+ <td align="left">{$lc}</td>
+ </tr>
+ <tr>
+ <td> </td>
+ <td align="left">
+ <input type="submit" name="wpLock" value="{$lb}" />
+ </td>
+ </tr>
+</table>
+<input type="hidden" name="wpEditToken" value="{$token}" />
+</form>
+END
+);
}
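Review bot: In wfSpecialLockdb(), a POST with `action=submit` whose `wpEditToken` fails `matchEditToken()` falls through to `$f->showForm( '' )`, so a rejected request looks exactly like a first visit and the admin is not told why the lock was not taken. Splitting that branch so a token failure passes an error string would make the rejection visible, e.g. `$f->showForm( wfMsg( 'sessionfailure' ) );` (assuming that message key is available in this tree). The token check also lives only in the dispatcher, so doSubmit() would benefit from a one-line comment such as `# Caller must already have verified the edit token and siteadmin right`, to keep a future call site from skipping it.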
global $wgReadOnlyFile;
if ( ! $wgRequest->getCheck( 'wpLockConfirm' ) ) {
- $this->showForm( wfMsg( "locknoconfirm" ) );
+ $this->showForm( wfMsg( 'locknoconfirm' ) );
return;
}
- $fp = fopen( $wgReadOnlyFile, "w" );
+ $fp = @fopen( $wgReadOnlyFile, 'w' );
if ( false === $fp ) {
- $wgOut->fileNotFoundError( $wgReadOnlyFile );
+ # This used to show a file not found error, but the likeliest reason for fopen()
+ # to fail at this point is insufficient permission to write to the file...good old
+ # is_writable() is plain wrong in some cases, it seems...
+ $this->notWritable();
return;
}
fwrite( $fp, $this->reason );
$wgLang->timeanddate( wfTimestampNow() ) . ")\n" );
fclose( $fp );
- $titleObj = Title::makeTitle( NS_SPECIAL, "Lockdb" );
- $wgOut->redirect( $titleObj->getFullURL( "action=success" ) );
+ $titleObj = SpecialPage::getTitleFor( 'Lockdb' );
+ $wgOut->redirect( $titleObj->getFullURL( 'action=success' ) );
}
function showSuccess() {
- global $wgOut, $wgUser;
+ global $wgOut;
- $wgOut->setPagetitle( wfMsg( "lockdb" ) );
- $wgOut->setSubtitle( wfMsg( "lockdbsuccesssub" ) );
- $wgOut->addWikiText( wfMsg( "lockdbsuccesstext" ) );
+ $wgOut->setPagetitle( wfMsg( 'lockdb' ) );
+ $wgOut->setSubtitle( wfMsg( 'lockdbsuccesssub' ) );
+ $wgOut->addWikiText( wfMsg( 'lockdbsuccesstext' ) );
}
+
+ public static function notWritable() {
+ global $wgOut;
+ $wgOut->errorPage( 'lockdb', 'lockfilenotwritable' );
+ }
+
}
-?>
+
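Review bot: In doSubmit(), `@fopen( $wgReadOnlyFile, 'w' )` throws away the PHP warning and every failure is then reported through notWritable(), so the real cause (missing directory, path restriction, full disk) never reaches the operator or the logs. A debug log line before the error page would keep it, e.g. `wfDebug( __METHOD__ . ": cannot open lock file {$wgReadOnlyFile}\n" );`. The unchanged `fwrite()` calls below are still unchecked, so a short or failed write redirects to `action=success` with an empty or truncated lock file; a guard such as `if ( false === fwrite( $fp, $this->reason ) ) { fclose( $fp ); $this->notWritable(); return; }` would close that gap. `$this->reason` is request text written to the file as-is, so whatever later displays the read-only notice has to escape it; that reader is not visible here. doSubmit()'s signature and part of the second `fwrite()` call lie outside the visible lines.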