And while I'm at it, move token check to onView() so that if action=markpatrolled is called without parameters, the user will see 'markedaspatrollederror' error and not 'sessionfailure'

Alexandre Emsenhuber 2011-11-04 16:40:00 +00:00
parent eabb7d1638
commit 6f74142d46


@ -36,22 +36,21 @@ class MarkpatrolledAction extends FormlessAction {
return '';
}
protected function checkCanExecute( User $user ) {
if ( !$user->matchEditToken( $this->getRequest()->getVal( 'token' ), $this->getRequest()->getInt( 'rcid' ) ) ) {
throw new ErrorPageError( 'sessionfailure-title', 'sessionfailure' );
}
return parent::checkCanExecute( $user );
}
public function onView() {
$rc = RecentChange::newFromId( $this->getRequest()->getInt( 'rcid' ) );
$request = $this->getRequest();
$rcId = $request->getInt( 'rcid' );
$rc = RecentChange::newFromId( $rcId );
if ( is_null( $rc ) ) {
throw new ErrorPageError( 'markedaspatrollederror', 'markedaspatrollederrortext' );
}
$errors = $rc->doMarkPatrolled( $this->getUser() );
$user = $this->getUser();
if ( !$user->matchEditToken( $request->getVal( 'token' ), $rcId ) ) {
throw new ErrorPageError( 'sessionfailure-title', 'sessionfailure' );
}
$errors = $rc->doMarkPatrolled( $user );
if ( in_array( array( 'rcpatroldisabled' ), $errors ) ) {
throw new ErrorPageError( 'rcpatroldisabled', 'rcpatroldisabledtext' );