| Index: trunk/extensions/CodeReview/CodeReview.i18n.php |
| — | — | @@ -43,6 +43,7 @@ |
| 44 | 44 | 'code-author-link' => 'link?', |
| 45 | 45 | 'code-author-unlink' => 'unlink?', |
| 46 | 46 | 'code-author-unlinksuccess' => 'Author $1 has been unlinked', |
| | 47 | + 'code-author-badtoken' => 'Session error trying to perform the action.', |
| 47 | 48 | 'code-browsing-path' => "Browsing revisions in '''$1'''", |
| 48 | 49 | 'code-field-id' => 'Revision', |
| 49 | 50 | 'code-field-author' => 'Author', |
| Index: trunk/extensions/CodeReview/ui/CodeRevisionAuthorLink.php |
| — | — | @@ -29,10 +29,12 @@ |
| 30 | 30 | } |
| 31 | 31 | |
| 32 | 32 | function doForm() { |
| 33 | | - global $wgOut; |
| | 33 | + global $wgOut, $wgUser; |
| 34 | 34 | $form = Xml::openElement( 'form', array( 'method' => 'post', |
| 35 | 35 | 'action' => $this->getTitle()->getLocalUrl(), |
| 36 | 36 | 'name' => 'uluser', 'id' => 'mw-codeauthor-form1' ) ); |
| | 37 | + |
| | 38 | + $form .= Html::hidden( 'linktoken', $wgUser->getToken() ); |
| 37 | 39 | $form .= Xml::openElement( 'fieldset' ); |
| 38 | 40 | |
| 39 | 41 | $additional = ''; |
| — | — | @@ -57,8 +59,14 @@ |
| 58 | 60 | } |
| 59 | 61 | |
| 60 | 62 | function doSubmit() { |
| 61 | | - global $wgOut, $wgRequest; |
| | 63 | + global $wgOut, $wgRequest, $wgUser; |
| 62 | 64 | // Link an author to a wiki user |
| | 65 | + |
| | 66 | + if ( $wgRequest->getVal( 'linktoken') != $wgUser->getToken() ) { |
| | 67 | + $wgOut->addWikiMsg( 'code-author-badtoken' ); |
| | 68 | + return; |
| | 69 | + } |
| | 70 | + |
| 63 | 71 | if ( strlen( $this->mTarget ) && $wgRequest->getCheck( 'newname' ) ) { |
| 64 | 72 | $user = User::newFromName( $this->mTarget, false ); |
| 65 | 73 | if ( !$user || !$user->getId() ) { |