And while I'm at it, move token check to onView() so that if action=markpatrolled...

diff --git a/includes/actions/MarkpatrolledAction.php b/includes/actions/MarkpatrolledAction.php
index c1f6fdc..b4d41f1 100644 (file)
--- a/includes/actions/MarkpatrolledAction.php
+++ b/includes/actions/MarkpatrolledAction.php
@@ -36,22 +36,21 @@ class MarkpatrolledAction extends FormlessAction {
                return '';
        }
 
-       protected function checkCanExecute( User $user ) {
-               if ( !$user->matchEditToken( $this->getRequest()->getVal( 'token' ), $this->getRequest()->getInt( 'rcid' ) ) ) {
-                       throw new ErrorPageError( 'sessionfailure-title', 'sessionfailure' );
-               }
-
-               return parent::checkCanExecute( $user );
-       }
-
        public function onView() {
-               $rc = RecentChange::newFromId( $this->getRequest()->getInt( 'rcid' ) );
+               $request = $this->getRequest();
 
+               $rcId = $request->getInt( 'rcid' );
+               $rc = RecentChange::newFromId( $rcId );
                if ( is_null( $rc ) ) {
                        throw new ErrorPageError( 'markedaspatrollederror', 'markedaspatrollederrortext' );
                }
 
-               $errors = $rc->doMarkPatrolled( $this->getUser() );
+               $user = $this->getUser();
+               if ( !$user->matchEditToken( $request->getVal( 'token' ), $rcId ) ) {
+                       throw new ErrorPageError( 'sessionfailure-title', 'sessionfailure' );
+               }
+
+               $errors = $rc->doMarkPatrolled( $user );
 
                if ( in_array( array( 'rcpatroldisabled' ), $errors ) ) {
                        throw new ErrorPageError( 'rcpatroldisabled', 'rcpatroldisabledtext' );