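--- a/trunk/extensions/ContactPage/SpecialContact.php
+++ b/trunk/extensions/ContactPage/SpecialContact.php
@@ -39,6 +39,7 @@
 */
 function execute( $par ) {
 global $wgUser, $wgOut, $wgRequest, $wgEnableEmail, $wgContactUser, $wgContactSender;
+$fname = "SpecialContact::execute";
 
 if( !$wgEnableEmail || !$wgContactUser || !$wgContactSender) {
 $wgOut->showErrorPage( "nosuchspecialpage", "nospecialpagetext" );
@@ -57,11 +58,29 @@
 $f = new EmailContactForm( $nu );
 
 if ( "success" == $action ) {
+wfDebug( "$fname: success.\n" );
 $f->showSuccess( );
-} else if ( "submit" == $action && $wgRequest->wasPosted() &&
-$wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
-$f->doSubmit();
+} else if ( "submit" == $action && $wgRequest->wasPosted() ) {#
+$token = $wgRequest->getVal( 'wpEditToken' );
+
+if( $wgUser->isAnon() ) {
+# Anonymous users may not have a session
+# open. Check for suffix anyway.
+$tokenOk = ( EDIT_TOKEN_SUFFIX == $token );
+} else {
+$tokenOk = $wgUser->matchEditToken( $token );
+}
+
+if ( $tokenOk ) {
+wfDebug( "$fname: submit\n" );
+$f->doSubmit();
+} else {
+wfDebug( "$fname: bad token (".($wgUser->isAnon()?'anon':'user')."): $token\n" );
+$wgOut->addWikiText( wfMsg( 'sessionfailure' ) );
+$f->showForm();
+}
 } else {
+wfDebug( "$fname: form\n" );
 $f->showForm();
 }
 }
@@ -124,7 +143,7 @@
 
 $titleObj = SpecialPage::getTitleFor( "Contact" );
 $action = $titleObj->escapeLocalURL( "action=submit" );
-$token = $wgUser->editToken();
+$token = $wgUser->isAnon() ? EDIT_TOKEN_SUFFIX : $wgUser->editToken(); //this kind of sucks, really...
 
 $wgOut->addHTML( "
 <form id=\"emailuser\" method=\"post\" action=\"{$action}\">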
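Review bot: In the second hunk of execute(), the anonymous branch `$tokenOk = ( EDIT_TOKEN_SUFFIX == $token );` accepts a constant that is identical for every visitor, so an anonymous POST with `action=submit` is no longer bound to a session and that path has no cross-site request forgery protection; the form side in the last hunk (`$wgUser->isAnon() ? EDIT_TOKEN_SUFFIX : $wgUser->editToken()`) carries the same trade-off. If this is intended, the comment should say so explicitly, e.g. `# Anonymous users get a constant token: this is NOT CSRF protection, abuse control must come from doSubmit()`, and whether doSubmit() applies a captcha or rate limit has to be confirmed outside this page. The comparison should also be strict, `$tokenOk = ( $token === EDIT_TOKEN_SUFFIX );`, since getVal() may return a non-string value. Separately, the bad-token branch writes the raw request value into the debug log, which can leak a logged-in user's stale token and lets a submitted value inject line breaks; log only the user class, `wfDebug( "$fname: bad token (" . ( $wgUser->isAnon() ? 'anon' : 'user' ) . ")\n" );`.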