MediaWiki master
FormSpecialPage.php
Go to the documentation of this file.
1<?php
24namespace MediaWiki\SpecialPage;
25
33
41abstract class FormSpecialPage extends SpecialPage {
46 protected $par = null;
47
52 protected $reauthPostData = null;
53
58 abstract protected function getFormFields();
59
65 protected function preHtml() {
66 return '';
67 }
68
74 protected function postHtml() {
75 return '';
76 }
77
83 protected function preText() {
84 wfDeprecated( __METHOD__, '1.38' );
85 return $this->preHtml();
86 }
87
93 protected function postText() {
94 wfDeprecated( __METHOD__, '1.38' );
95 return $this->postHtml();
96 }
97
102 protected function alterForm( HTMLForm $form ) {
103 }
104
111 protected function getMessagePrefix() {
112 return strtolower( $this->getName() );
113 }
114
121 protected function getDisplayFormat() {
122 return 'table';
123 }
124
129 protected function getForm() {
130 $context = $this->getContext();
131 $onSubmit = [ $this, 'onSubmit' ];
132
133 if ( $this->reauthPostData ) {
134 // Restore POST data
135 $context = new DerivativeContext( $context );
136 $oldRequest = $this->getRequest();
137 $context->setRequest( new DerivativeRequest(
138 $oldRequest, $this->reauthPostData + $oldRequest->getQueryValues(), true
139 ) );
140
141 // But don't treat it as a "real" submission just in case of some
142 // crazy kind of CSRF.
143 $onSubmit = static function () {
144 return false;
145 };
146 }
147
148 $form = HTMLForm::factory(
149 $this->getDisplayFormat(),
150 $this->getFormFields(),
151 $context,
152 $this->getMessagePrefix()
153 );
154 if ( !$this->requiresPost() ) {
155 $form->setMethod( 'get' );
156 }
157 $form->setSubmitCallback( $onSubmit );
158 if ( $this->getDisplayFormat() !== 'ooui' ) {
159 // No legend and wrapper by default in OOUI forms, but can be set manually
160 // from alterForm()
161 $form->setWrapperLegendMsg( $this->getMessagePrefix() . '-legend' );
162 }
163
164 $headerMsg = $this->msg( $this->getMessagePrefix() . '-text' );
165 if ( !$headerMsg->isDisabled() ) {
166 $form->addHeaderHtml( $headerMsg->parseAsBlock() );
167 }
168
169 // preText / postText are deprecated, but we need to keep calling them until the end of
170 // the deprecation process so a subclass overriding *Text and *Html both work
171 $form->addPreHtml( MWDebug::detectDeprecatedOverride( $this, __CLASS__, 'preText', '1.38' )
172 ? $this->preText()
173 : $this->preHtml()
174 );
175 $form->addPostHtml( MWDebug::detectDeprecatedOverride( $this, __CLASS__, 'postText', '1.38' )
176 ? $this->postText()
177 : $this->postHtml()
178 );
179
180 // Give precedence to subpage syntax
181 $field = $this->getSubpageField();
182 // cast to string so that "0" is not thrown away
183 if ( strval( $this->par ) !== '' && $field ) {
184 $this->getRequest()->setVal( $form->getField( $field )->getName(), $this->par );
185 $form->setTitle( $this->getPageTitle() );
186 }
187 $this->alterForm( $form );
188 if ( $form->getMethod() == 'post' ) {
189 // Retain query parameters (uselang etc) on POST requests
190 $params = array_diff_key(
191 $this->getRequest()->getQueryValues(), [ 'title' => null ] );
192 $form->addHiddenField( 'redirectparams', wfArrayToCgi( $params ) );
193 }
194
195 // Give hooks a chance to alter the form, adding extra fields or text etc
196 $this->getHookRunner()->onSpecialPageBeforeFormDisplay( $this->getName(), $form );
197
198 return $form;
199 }
200
210 abstract public function onSubmit( array $data /* HTMLForm $form = null */ );
211
217 public function onSuccess() {
218 }
219
225 public function execute( $par ) {
226 $this->setParameter( $par );
227 $this->setHeaders();
228 $this->outputHeader();
229
230 // This will throw exceptions if there's a problem
231 $this->checkExecutePermissions( $this->getUser() );
232
233 $securityLevel = $this->getLoginSecurityLevel();
234 if ( $securityLevel !== false && !$this->checkLoginSecurityLevel( $securityLevel ) ) {
235 return;
236 }
237
238 $form = $this->getForm();
239 // GET forms can be set as includable
240 if ( !$this->including() ) {
241 $result = $this->getShowAlways() ? $form->showAlways() : $form->show();
242 } else {
243 $result = $form->prepareForm()->tryAuthorizedSubmit();
244 }
245 if ( $result === true || ( $result instanceof Status && $result->isGood() ) ) {
246 $this->onSuccess();
247 }
248 }
249
255 protected function getShowAlways() {
256 return false;
257 }
258
263 protected function setParameter( $par ) {
264 $this->par = $par;
265 }
266
272 protected function getSubpageField() {
273 return false;
274 }
275
282 protected function checkExecutePermissions( User $user ) {
283 $this->checkPermissions();
284
285 if ( $this->requiresUnblock() ) {
286 $block = $user->getBlock();
287 if ( $block && $block->isSitewide() ) {
288 throw new UserBlockedError(
289 $block,
290 $user,
291 $this->getLanguage(),
292 $this->getRequest()->getIP()
293 );
294 }
295 }
296
297 if ( $this->requiresWrite() ) {
298 $this->checkReadOnly();
299 }
300 }
301
307 public function requiresPost() {
308 return true;
309 }
310
315 public function requiresWrite() {
316 return $this->requiresPost();
317 }
318
323 public function requiresUnblock() {
324 return $this->requiresPost();
325 }
326
333 protected function setReauthPostData( array $data ) {
334 $this->reauthPostData = $data;
335 }
336}
337
339class_alias( FormSpecialPage::class, 'FormSpecialPage' );
wfArrayToCgi( $array1, $array2=null, $prefix='')
This function takes one or two arrays as input, and returns a CGI-style string, e....
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Logs a warning that a deprecated feature was used.
array $params
The job parameters.
An IContextSource implementation which will inherit context from another source but allow individual ...
Debug toolbar.
Definition MWDebug.php:49
Object handling generic submission, CSRF protection, layout and other logic for UI forms in a reusabl...
Definition HTMLForm.php:209
Similar to MediaWiki\Request\FauxRequest, but only fakes URL parameters and method (POST or GET) and ...
Special page which uses an HTMLForm to handle processing.
getMessagePrefix()
Get message prefix for HTMLForm.
requiresUnblock()
Whether this action cannot be executed by a blocked user, default to requiresPost()
onSuccess()
Do something exciting on successful processing of the form, most likely to show a confirmation messag...
requiresPost()
Whether this action should using POST method to submit, default to true.
getShowAlways()
Whether the form should always be shown despite the success of submission.
getForm()
Get the HTMLForm to control behavior.
postText()
Add post-text to the form.
setParameter( $par)
Maybe do something interesting with the subpage parameter.
execute( $par)
Basic SpecialPage workflow: get a form, send it to the user; get some data back,.
requiresWrite()
Whether this action requires the wiki not to be locked, default to requiresPost()
alterForm(HTMLForm $form)
Play with the HTMLForm if you need to more substantially.
setReauthPostData(array $data)
Preserve POST data across reauthentication.
string null $par
The subpage of the special page.
array null $reauthPostData
POST data preserved across re-authentication.
getSubpageField()
Override this function to set the field name used in the subpage syntax.
preText()
Add pre-text to the form.
checkExecutePermissions(User $user)
Called from execute() to check if the given user can perform this action.
getFormFields()
Get an HTMLForm descriptor array.
preHtml()
Add pre-HTML to the form.
onSubmit(array $data)
Process the form on submission.
getDisplayFormat()
Get display format for the form.
postHtml()
Add post-HTML to the form.
Parent class for all special pages.
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!
getUser()
Shortcut to get the User executing this instance.
getPageTitle( $subpage=false)
Get a self-referential title object.
checkPermissions()
Checks if userCanExecute, and if not throws a PermissionsError.
checkReadOnly()
If the wiki is currently in readonly mode, throws a ReadOnlyError.
getContext()
Gets the context this SpecialPage is executed in.
getRequest()
Get the WebRequest being used for this instance.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getLoginSecurityLevel()
Tells if the special page does something security-sensitive and needs extra defense against a stolen ...
including( $x=null)
Whether the special page is being evaluated via transclusion.
getLanguage()
Shortcut to get user's language.
outputHeader( $summaryMessageKey='')
Outputs a summary message on top of special pages By default the message key is the canonical name of...
getName()
Get the canonical, unlocalized name of this special page without namespace.
checkLoginSecurityLevel( $level=null)
Verifies that the user meets the security level, possibly reauthenticating them in the process.
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:54
internal since 1.36
Definition User.php:93
getBlock( $freshness=IDBAccessObject::READ_NORMAL, $disableIpBlockExemptChecking=false)
Get the block affecting the user, or null if the user is not blocked.
Definition User.php:1418
isGood()
Returns whether the operation completed and didn't have any error or warnings.
Show an error when the user tries to do something whilst blocked.