r95880 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r95879‎ | r95880 | r95881 >
Date:16:14, 31 August 2011
Author:jeroendedauw
Status:ok
Tags:
Comment:
address bug 30644
Modified paths:
  • /trunk/extensions/UploadWizard/includes/specials/SpecialUploadCampaigns.php (modified) (history)

Diff [purge]

Index: trunk/extensions/UploadWizard/includes/specials/SpecialUploadCampaigns.php
@@ -66,7 +66,8 @@
6767 && $wgRequest->getCheck( 'newcampaign' ) ) {
6868 $this->getOutput()->redirect( SpecialPage::getTitleFor( 'UploadCampaign', $wgRequest->getVal( 'newcampaign' ) )->getLocalURL() );
6969 }
70 - elseif ( count( $subPage ) == 2 && $subPage[0] == 'del' ) {
 70+ elseif ( count( $subPage ) == 2 && $subPage[0] == 'del'
 71+ && $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
7172 $campaign = UploadWizardCampaign::newFromName( $subPage[1], false );
7273 $campaign->deleteFromDB();
7374 $this->getOutput()->redirect( $this->getTitle()->getLocalURL() );
@@ -171,6 +172,9 @@
172173
173174 $out->addHTML( '<tbody>' );
174175
 176+ global $wgUser;
 177+ $editToken = array( 'wpEditToken' => $wgUser->editToken() );
 178+
175179 foreach ( $campaigns as $campaign ) {
176180 $out->addHTML(
177181 '<tr>' .
@@ -197,7 +201,7 @@
198202 Html::element(
199203 'a',
200204 array(
201 - 'href' => SpecialPage::getTitleFor( 'UploadCampaigns', 'del/' . $campaign->campaign_name )->getLocalURL(),
 205+ 'href' => SpecialPage::getTitleFor( 'UploadCampaigns', 'del/' . $campaign->campaign_name )->getLocalURL( $editToken ),
202206 'onclick' => 'return confirm( "' . wfMsg( 'mwe-upwiz-campaigns-confdel' ) . '" )'
203207 ),
204208 wfMsg( 'mwe-upwiz-campaigns-delete' )

Follow-up revisions

RevisionCommit summaryAuthorDate
r958871.17wmf1: MFT UploadWizard fixes r95691, r95726, r95727, r95793, r95815, r958...catrope17:10, 31 August 2011
r95976use id and name in token salt; bug 30644jeroendedauw13:04, 1 September 2011
r96575fix bug 30644jeroendedauw15:15, 8 September 2011

Status & tagging log