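--- a/trunk/extensions/MobileFrontend/MobileFrontend.php
+++ b/trunk/extensions/MobileFrontend/MobileFrontend.php
@@ -65,7 +65,7 @@
 );
 
 class ExtMobileFrontend {
-const VERSION = '0.5.52';
+const VERSION = '0.5.53';
 
 /**
 * @var DOMDocument
@@ -335,12 +335,19 @@
 
 $subject = htmlspecialchars( $wgRequest->getText( 'subject', '' ) );
 $message = htmlspecialchars( $wgRequest->getText( 'message', '' ) );
+$token = htmlspecialchars( $wgRequest->getText( 'edittoken', '' ) );
 
 $title = Title::newFromText( 'MobileFrontend Extension Feedback' );
-$article = new Article( $title, 0 );
-$rawtext = $article->getRawText();
-$rawtext .= "\n== {$subject} == \n {$message} ~~~~ \n <small>User agent: {$userAgent}</small> ";
-$article->doEdit( $rawtext, '' );
+
+if ( $title->userCan( 'edit' ) &&
+!$wgUser->isBlockedFrom( $title ) &&
+$wgUser->matchEditToken( $token ) ) {
+$article = new Article( $title, 0 );
+$rawtext = $article->getRawText();
+$rawtext .= "\n== {$subject} == \n {$message} ~~~~ \n <small>User agent: {$userAgent}</small> ";
+$article->doEdit( $rawtext, '' );
+}
+
 $location = str_replace( '&mobileaction=leave_feedback_post', '', $wgRequest->getFullRequestURL() );
 $wgRequest->response()->header( 'Location: ' . $location );
 wfProfileOut( __METHOD__ );
@@ -469,10 +476,11 @@
 }
 
 private function renderLeaveFeedbackXHTML() {
-global $wgRequest;
+global $wgRequest, $wgUser;
 wfProfileIn( __METHOD__ );
 if ( $this->contentFormat == 'XHTML' ) {
 $this->getMsg();
+$editToken = $wgUser->editToken();
 
 $title = self::$messages['mobile-frontend-leave-feedback-title'];
 $notice = self::$messages['mobile-frontend-leave-feedback-notice'];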
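Review bot: The CSRF token is passed through `htmlspecialchars()` before it reaches `matchEditToken()` (the `$token = htmlspecialchars( ... )` line at the top of the second hunk), so a value that is only ever compared, never rendered, is being transformed first; it should be read raw, `$token = $wgRequest->getText( 'edittoken', '' );`, so the comparison cannot be affected by escaping rules. The new guard also does not care about the HTTP method even though the form is declared as POST, so prefixing the condition with `$wgRequest->wasPosted() &&` would keep a crafted GET link from ever reaching the edit path. When any condition fails the code falls through to the redirect and the submission is discarded with no signal to the user, which is acceptable for a forged request but also hides ordinary permission or expired-session failures; a comment such as `// Failed permission/token check: drop the post silently, the redirect below gives no error` would at least record that this is intentional. If MediaWiki's anonymous edit token is the constant suffix value, this check presumably gives no CSRF protection for logged-out users on an anon-editable feedback page — worth confirming whether that page is anon-editable. The enclosing method begins before and ends after this hunk.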
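--- a/trunk/extensions/MobileFrontend/views/information/leave_feedback.html.php
+++ b/trunk/extensions/MobileFrontend/views/information/leave_feedback.html.php
@@ -4,6 +4,7 @@
 
 $leaveFeedbackHtml = <<<EOT
 <form action='{$feedbackPostURL}' method='post'>
+<input type="hidden" name="edittoken" value="{$editToken}"/>
 <div tabindex="-1">
 <div unselectable="on">
 <span unselectable="on"><p>{$title}</p></span>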
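Review bot: `{$editToken}` is interpolated into the hidden input's `value` attribute with no escaping; the token is generated server-side so this is not exploitable as written, but attribute output in a template should be escaped uniformly rather than relying on the shape of the value, e.g. `value="{$editToken}"` fed from `htmlspecialchars( $wgUser->editToken() )` where the variable is assigned. The view also relies on every caller that includes it having defined `$editToken` in scope; if a caller does not, PHP emits an undefined-variable notice and the field is emitted empty, which presumably makes the server-side token check reject the post with no feedback. A one-line comment above the input, `// $editToken must be set by the renderer (see renderLeaveFeedbackXHTML); an empty value makes the post fail the token check`, would make that contract visible to the next maintainer.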