X-Git-Url: https://git.cyclocoop.org/admin/?a=blobdiff_plain;f=includes%2Fspecialpage%2FFormSpecialPage.php;h=fb69f63e83ae8c69972c41fc621b953d001624d2;hb=017b37f35ae7f4858d253458ede06326025e2ddb;hp=66c7d47ea99c8c3269189f4909ce02d66d2639e6;hpb=61898ad28ed69c5b391eb43e0db9386279b9612c;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/specialpage/FormSpecialPage.php b/includes/specialpage/FormSpecialPage.php index 66c7d47ea9..fb69f63e83 100644 --- a/includes/specialpage/FormSpecialPage.php +++ b/includes/specialpage/FormSpecialPage.php @@ -31,10 +31,16 @@ abstract class FormSpecialPage extends SpecialPage { /** * The sub-page of the special page. - * @var string + * @var string|null */ protected $par = null; + /** + * @var array|null POST data preserved across re-authentication + * @since 1.32 + */ + protected $reauthPostData = null; + /** * Get an HTMLForm descriptor array * @return array @@ -89,13 +95,31 @@ abstract class FormSpecialPage extends SpecialPage { * @return HTMLForm|null */ protected function getForm() { + $context = $this->getContext(); + $onSubmit = [ $this, 'onSubmit' ]; + + if ( $this->reauthPostData ) { + // Restore POST data + $context = new DerivativeContext( $context ); + $oldRequest = $this->getRequest(); + $context->setRequest( new DerivativeRequest( + $oldRequest, $this->reauthPostData + $oldRequest->getQueryValues(), true + ) ); + + // But don't treat it as a "real" submission just in case of some + // crazy kind of CSRF. + $onSubmit = function () { + return false; + }; + } + $form = HTMLForm::factory( $this->getDisplayFormat(), $this->getFormFields(), - $this->getContext(), + $context, $this->getMessagePrefix() ); - $form->setSubmitCallback( [ $this, 'onSubmit' ] ); + $form->setSubmitCallback( $onSubmit ); if ( $this->getDisplayFormat() !== 'ooui' ) { // No legend and wrapper by default in OOUI forms, but can be set manually // from alterForm() @@ -126,10 +150,11 @@ abstract class FormSpecialPage extends SpecialPage { /** * Process the form on POST submission. * @param array $data - * @param HTMLForm $form + * @param HTMLForm|null $form + * @suppress PhanCommentParamWithoutRealParam Many implementations don't have $form * @return bool|string|array|Status As documented for HTMLForm::trySubmit. */ - abstract public function onSubmit( array $data /* $form = null */ ); + abstract public function onSubmit( array $data /* HTMLForm $form = null */ ); /** * Do something exciting on successful processing of the form, most likely to show a @@ -142,7 +167,7 @@ abstract class FormSpecialPage extends SpecialPage { /** * Basic SpecialPage workflow: get a form, send it to the user; get some data back, * - * @param string $par Subpage string if one was specified + * @param string|null $par Subpage string if one was specified */ public function execute( $par ) { $this->setParameter( $par ); @@ -151,6 +176,11 @@ abstract class FormSpecialPage extends SpecialPage { // This will throw exceptions if there's a problem $this->checkExecutePermissions( $this->getUser() ); + $securityLevel = $this->getLoginSecurityLevel(); + if ( $securityLevel !== false && !$this->checkLoginSecurityLevel( $securityLevel ) ) { + return; + } + $form = $this->getForm(); if ( $form->show() ) { $this->onSuccess(); @@ -159,7 +189,7 @@ abstract class FormSpecialPage extends SpecialPage { /** * Maybe do something interesting with the subpage parameter - * @param string $par + * @param string|null $par */ protected function setParameter( $par ) { $this->par = $par; @@ -174,9 +204,11 @@ abstract class FormSpecialPage extends SpecialPage { protected function checkExecutePermissions( User $user ) { $this->checkPermissions(); - if ( $this->requiresUnblock() && $user->isBlocked() ) { + if ( $this->requiresUnblock() ) { $block = $user->getBlock(); - throw new UserBlockedError( $block ); + if ( $block && $block->isSitewide() ) { + throw new UserBlockedError( $block ); + } } if ( $this->requiresWrite() ) { @@ -199,4 +231,14 @@ abstract class FormSpecialPage extends SpecialPage { public function requiresUnblock() { return true; } + + /** + * Preserve POST data across reauthentication + * + * @since 1.32 + * @param array $data + */ + protected function setReauthPostData( array $data ) { + $this->reauthPostData = $data; + } }