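--- a/trunk/extensions/CodeReview/CodeReview.i18n.php
+++ b/trunk/extensions/CodeReview/CodeReview.i18n.php
@@ -43,6 +43,7 @@
 'code-author-link' => 'link?',
 'code-author-unlink' => 'unlink?',
 'code-author-unlinksuccess' => 'Author $1 has been unlinked',
+'code-author-badtoken' => 'Session error trying to perform the action.',
 'code-browsing-path' => "Browsing revisions in '''$1'''",
 'code-field-id' => 'Revision',
 'code-field-author' => 'Author',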
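--- a/trunk/extensions/CodeReview/ui/CodeRevisionAuthorLink.php
+++ b/trunk/extensions/CodeReview/ui/CodeRevisionAuthorLink.php
@@ -29,10 +29,12 @@
 }
 
 function doForm() {
-global $wgOut;
+global $wgOut, $wgUser;
 $form = Xml::openElement( 'form', array( 'method' => 'post',
 'action' => $this->getTitle()->getLocalUrl(),
 'name' => 'uluser', 'id' => 'mw-codeauthor-form1' ) );
+
+$form .= Html::hidden( 'linktoken', $wgUser->getToken() );
 $form .= Xml::openElement( 'fieldset' );
 
 $additional = '';
@@ -57,8 +59,14 @@
 }
 
 function doSubmit() {
-global $wgOut, $wgRequest;
+global $wgOut, $wgRequest, $wgUser;
 // Link an author to a wiki user
+
+if ( $wgRequest->getVal( 'linktoken') != $wgUser->getToken() ) {
+$wgOut->addWikiMsg( 'code-author-badtoken' );
+return;
+}
+
 if ( strlen( $this->mTarget ) && $wgRequest->getCheck( 'newname' ) ) {
 $user = User::newFromName( $this->mTarget, false );
 if ( !$user || !$user->getId() ) {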
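Review bot: The token check in doSubmit() uses loose `!=`, and both sides rely on `$wgUser->getToken()`, which in MediaWiki core is the account's persistent login token rather than a per-session edit token, so doForm() now writes that long-lived secret into the rendered form. Loose comparison treats two numeric-looking strings (for example `0e…` values) as equal, and if getToken() is empty for an anonymous user (not visible here) a request with no `linktoken` would pass the check. Use the existing edit-token API instead: `$form .= Html::hidden( 'linktoken', $wgUser->editToken() );` in doForm() and `if ( !$wgUser->matchEditToken( $wgRequest->getVal( 'linktoken' ) ) ) {` in doSubmit(). Both function bodies continue outside the hunks shown.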