-<?
+<?php
+/**
+ *
+ * @addtogroup SpecialPage
+ */
-function wfSpecialUnlockdb()
-{
- global $wgUser, $wgOut, $action;
+/**
+ *
+ */
+function wfSpecialUnlockdb() {
+ global $wgUser, $wgOut, $wgRequest;
- if ( ! $wgUser->isDeveloper() ) {
- $wgOut->developerRequired();
+ if( !$wgUser->isAllowed( 'siteadmin' ) ) {
+ $wgOut->permissionRequired( 'siteadmin' );
return;
}
+
+ $action = $wgRequest->getVal( 'action' );
$f = new DBUnlockForm();
- if ( "success" == $action ) { $f->showSuccess(); }
- else if ( "submit" == $action ) { $f->doSubmit(); }
- else { $f->showForm( "" ); }
+ if ( "success" == $action ) {
+ $f->showSuccess();
+ } else if ( "submit" == $action && $wgRequest->wasPosted() &&
+ $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
+ $f->doSubmit();
+ } else {
+ $f->showForm( "" );
+ }
}
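Review bot: A submit request that fails the new `wasPosted()` / `matchEditToken()` test falls into the final `else` and calls `showForm( "" )`, so an administrator whose session token has expired sees the form again with no explanation. A separate branch for a submit that was not verified, for example `$f->showForm( wfMsg( 'sessionfailure' ) );`, would tell them why nothing happened; confirm that message key exists in this release before using it. The docblock added directly above the function is empty; a line such as `Entry point for Special:Unlockdb; requires the 'siteadmin' right, and a POST with a valid edit token for the submit action.` would record the checks this function is responsible for.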
+/**
+ *
+ * @addtogroup SpecialPage
+ */
class DBUnlockForm {
-
function showForm( $err )
{
- global $wgOut, $wgUser, $wgLang;
- global $wpLockConfirm;
+ global $wgOut, $wgUser;
+
+ global $wgReadOnlyFile;
+ if( !file_exists( $wgReadOnlyFile ) ) {
+ $wgOut->addWikiText( wfMsg( 'databasenotlocked' ) );
+ return;
+ }
$wgOut->setPagetitle( wfMsg( "unlockdb" ) );
$wgOut->addWikiText( wfMsg( "unlockdbtext" ) );
if ( "" != $err ) {
$wgOut->setSubtitle( wfMsg( "formerror" ) );
- $wgOut->addHTML( "<p><font color='red' size='+1'>{$err}</font>\n" );
+ $wgOut->addHTML( '<p class="error">' . htmlspecialchars( $err ) . "</p>\n" );
}
- $lc = wfMsg( "unlockconfirm" );
- $lb = wfMsg( "unlockbtn" );
- $action = wfLocalUrlE( $wgLang->specialPage( "Unlockdb" ),
- "action=submit" );
-
- $wgOut->addHTML( "<p>
-<form id=\"unlockdb\" method=\"post\" action=\"{$action}\">
-<table border=0><tr>
-<td align=right>
-<input type=checkbox name=\"wpLockConfirm\">
-</td>
-<td align=\"left\">{$lc}<td>
-</tr><tr>
-<td> </td><td align=left>
-<input type=submit name=\"wpLock\" value=\"{$lb}\">
-</td></tr></table>
-</form>\n" );
+ $lc = htmlspecialchars( wfMsg( "unlockconfirm" ) );
+ $lb = htmlspecialchars( wfMsg( "unlockbtn" ) );
+ $titleObj = SpecialPage::getTitleFor( "Unlockdb" );
+ $action = $titleObj->escapeLocalURL( "action=submit" );
+ $token = htmlspecialchars( $wgUser->editToken() );
+
+ $wgOut->addHTML( <<<END
+
+<form id="unlockdb" method="post" action="{$action}">
+<table border="0">
+ <tr>
+ <td align="right">
+ <input type="checkbox" name="wpLockConfirm" />
+ </td>
+ <td align="left">{$lc}</td>
+ </tr>
+ <tr>
+ <td> </td>
+ <td align="left">
+ <input type="submit" name="wpLock" value="{$lb}" />
+ </td>
+ </tr>
+</table>
+<input type="hidden" name="wpEditToken" value="{$token}" />
+</form>
+END
+);
}
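Review bot: `showForm()` has no doc comment, and with the new `htmlspecialchars( $err )` its parameter has changed from an HTML fragment to plain text, which callers need to know. I would add `@param string $err Plain-text error message, escaped before output; empty string for none` above the method. The `file_exists( $wgReadOnlyFile )` early return also runs before `setPagetitle()`, so the "not locked" notice may be rendered without the page title unless the caller has already set it; moving the `setPagetitle()` call above the check would avoid that.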
- function doSubmit()
- {
- global $wgOut, $wgUser, $wgLang;
- global $wpLockConfirm, $wgReadOnlyFile;
+ function doSubmit() {
+ global $wgOut, $wgRequest, $wgReadOnlyFile;
+ $wpLockConfirm = $wgRequest->getCheck( 'wpLockConfirm' );
if ( ! $wpLockConfirm ) {
$this->showForm( wfMsg( "locknoconfirm" ) );
return;
}
- if ( ! unlink( $wgReadOnlyFile ) ) {
- $wgOut->fileDeleteError( $wgReadOnlyFile );
+ if ( @! unlink( $wgReadOnlyFile ) ) {
+ $wgOut->showFileDeleteError( $wgReadOnlyFile );
return;
}
- $success = wfLocalUrl( $wgLang->specialPage( "Unlockdb" ),
- "action=success" );
+ $titleObj = SpecialPage::getTitleFor( "Unlockdb" );
+ $success = $titleObj->getFullURL( "action=success" );
$wgOut->redirect( $success );
}
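Review bot: `doSubmit()` removes the lock file without checking anything itself; the `siteadmin` right, the POST requirement and the edit token are enforced only in `wfSpecialUnlockdb()`, so any other caller of this method would skip them. A doc comment stating that precondition, e.g. `Caller must already have verified the 'siteadmin' right and the edit token.`, would make the dependency visible. Separately, `@! unlink( ... )` silences the warning that says why the delete failed, and the operator order is easy to misread; `!@unlink( $wgReadOnlyFile )` is the conventional spelling, and logging the failure before `showFileDeleteError()` would keep the cause available to the administrator.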
- function showSuccess()
- {
- global $wgOut, $wgUser;
+ function showSuccess() {
+ global $wgOut;
global $ip;
$wgOut->setPagetitle( wfMsg( "unlockdb" ) );