MediaWiki REL1_31
FormSpecialPage.php
Go to the documentation of this file.
1<?php
31abstract class FormSpecialPage extends SpecialPage {
36 protected $par = null;
37
42 protected $reauthPostData = null;
43
48 abstract protected function getFormFields();
49
54 protected function preText() {
55 return '';
56 }
57
62 protected function postText() {
63 return '';
64 }
65
70 protected function alterForm( HTMLForm $form ) {
71 }
72
79 protected function getMessagePrefix() {
80 return strtolower( $this->getName() );
81 }
82
89 protected function getDisplayFormat() {
90 return 'table';
91 }
92
97 protected function getForm() {
98 $context = $this->getContext();
99 $onSubmit = [ $this, 'onSubmit' ];
100
101 if ( $this->reauthPostData ) {
102 // Restore POST data
104 $oldRequest = $this->getRequest();
105 $context->setRequest( new DerivativeRequest(
106 $oldRequest, $this->reauthPostData + $oldRequest->getQueryValues(), true
107 ) );
108
109 // But don't treat it as a "real" submission just in case of some
110 // crazy kind of CSRF.
111 $onSubmit = function () {
112 return false;
113 };
114 }
115
116 $form = HTMLForm::factory(
117 $this->getDisplayFormat(),
118 $this->getFormFields(),
119 $context,
120 $this->getMessagePrefix()
121 );
122 $form->setSubmitCallback( $onSubmit );
123 if ( $this->getDisplayFormat() !== 'ooui' ) {
124 // No legend and wrapper by default in OOUI forms, but can be set manually
125 // from alterForm()
126 $form->setWrapperLegendMsg( $this->getMessagePrefix() . '-legend' );
127 }
128
129 $headerMsg = $this->msg( $this->getMessagePrefix() . '-text' );
130 if ( !$headerMsg->isDisabled() ) {
131 $form->addHeaderText( $headerMsg->parseAsBlock() );
132 }
133
134 $form->addPreText( $this->preText() );
135 $form->addPostText( $this->postText() );
136 $this->alterForm( $form );
137 if ( $form->getMethod() == 'post' ) {
138 // Retain query parameters (uselang etc) on POST requests
139 $params = array_diff_key(
140 $this->getRequest()->getQueryValues(), [ 'title' => null ] );
141 $form->addHiddenField( 'redirectparams', wfArrayToCgi( $params ) );
142 }
143
144 // Give hooks a chance to alter the form, adding extra fields or text etc
145 Hooks::run( 'SpecialPageBeforeFormDisplay', [ $this->getName(), &$form ] );
146
147 return $form;
148 }
149
156 abstract public function onSubmit( array $data /* $form = null */ );
157
163 public function onSuccess() {
164 }
165
171 public function execute( $par ) {
172 $this->setParameter( $par );
173 $this->setHeaders();
174
175 // This will throw exceptions if there's a problem
176 $this->checkExecutePermissions( $this->getUser() );
177
178 $securityLevel = $this->getLoginSecurityLevel();
179 if ( $securityLevel !== false && !$this->checkLoginSecurityLevel( $securityLevel ) ) {
180 return;
181 }
182
183 $form = $this->getForm();
184 if ( $form->show() ) {
185 $this->onSuccess();
186 }
187 }
188
193 protected function setParameter( $par ) {
194 $this->par = $par;
195 }
196
203 protected function checkExecutePermissions( User $user ) {
204 $this->checkPermissions();
205
206 if ( $this->requiresUnblock() && $user->isBlocked() ) {
207 $block = $user->getBlock();
208 throw new UserBlockedError( $block );
209 }
210
211 if ( $this->requiresWrite() ) {
212 $this->checkReadOnly();
213 }
214 }
215
220 public function requiresWrite() {
221 return true;
222 }
223
228 public function requiresUnblock() {
229 return true;
230 }
231
238 protected function setReauthPostData( array $data ) {
239 $this->reauthPostData = $data;
240 }
241}
wfArrayToCgi( $array1, $array2=null, $prefix='')
This function takes one or two arrays as input, and returns a CGI-style string, e....
An IContextSource implementation which will inherit context from another source but allow individual ...
Similar to FauxRequest, but only fakes URL parameters and method (POST or GET) and use the base reque...
Special page which uses an HTMLForm to handle processing.
array null $reauthPostData
POST data preserved across re-authentication.
getMessagePrefix()
Get message prefix for HTMLForm.
onSuccess()
Do something exciting on successful processing of the form, most likely to show a confirmation messag...
getForm()
Get the HTMLForm to control behavior.
preText()
Add pre-text to the form.
alterForm(HTMLForm $form)
Play with the HTMLForm if you need to more substantially.
postText()
Add post-text to the form.
getDisplayFormat()
Get display format for the form.
onSubmit(array $data)
Process the form on POST submission.
setReauthPostData(array $data)
Preserve POST data across reauthentication.
checkExecutePermissions(User $user)
Called from execute() to check if the given user can perform this action.
requiresUnblock()
Whether this action cannot be executed by a blocked user.
getFormFields()
Get an HTMLForm descriptor array.
setParameter( $par)
Maybe do something interesting with the subpage parameter.
requiresWrite()
Whether this action requires the wiki not to be locked.
string $par
The sub-page of the special page.
execute( $par)
Basic SpecialPage workflow: get a form, send it to the user; get some data back,.
Object handling generic submission, CSRF protection, layout and other logic for UI forms.
Definition HTMLForm.php:130
Parent class for all special pages.
getName()
Get the name of this Special Page.
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!
checkLoginSecurityLevel( $level=null)
Verifies that the user meets the security level, possibly reauthenticating them in the process.
getUser()
Shortcut to get the User executing this instance.
checkPermissions()
Checks if userCanExecute, and if not throws a PermissionsError.
getContext()
Gets the context this SpecialPage is executed in.
msg( $key)
Wrapper around wfMessage that sets the current context.
getRequest()
Get the WebRequest being used for this instance.
checkReadOnly()
If the wiki is currently in readonly mode, throws a ReadOnlyError.
getLoginSecurityLevel()
Tells if the special page does something security-sensitive and needs extra defense against a stolen ...
Show an error when the user tries to do something whilst blocked.
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:53
isBlocked( $bFromSlave=true)
Check if user is blocked.
Definition User.php:2300
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on and they can depend only on the ResourceLoaderContext $context
Definition hooks.txt:2811
$params