MediaWiki 1.30.2
[autoinstallsdev/mediawiki.git] / includes / specials / SpecialUserlogout.php
index 39b5b2843473567314addcdf70695c827c88e06d..568327d25b239c457620f502b1bd6accdd56fe8b 100644 (file)
@@ -1,6 +1,6 @@
 <?php
 /**
- * Implements Special:Upload
+ * Implements Special:Userlogout
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  *
  * @ingroup SpecialPage
  */
-class SpecialUserlogout extends UnlistedSpecialPage {
-
+class SpecialUserLogout extends UnlistedSpecialPage {
        function __construct() {
                parent::__construct( 'Userlogout' );
        }
 
-       function execute( $par ) {
-               global $wgUser, $wgOut;
+       public function doesWrites() {
+               return true;
+       }
 
+       function execute( $par ) {
                /**
                 * Some satellite ISPs use broken precaching schemes that log people out straight after
-                * they're logged in (bug 17790). Luckily, there's a way to detect such requests.
+                * they're logged in (T19790). Luckily, there's a way to detect such requests.
                 */
                if ( isset( $_SERVER['REQUEST_URI'] ) && strpos( $_SERVER['REQUEST_URI'], '&amp;' ) !== false ) {
-                       wfDebug( "Special:Userlogout request {$_SERVER['REQUEST_URI']} looks suspicious, denying.\n" );
-                       wfHttpError( 400, wfMsg( 'loginerror' ), wfMsg( 'suspicious-userlogout' ) );
-                       return;
+                       wfDebug( "Special:UserLogout request {$_SERVER['REQUEST_URI']} looks suspicious, denying.\n" );
+                       throw new HttpError( 400, $this->msg( 'suspicious-userlogout' ), $this->msg( 'loginerror' ) );
                }
 
                $this->setHeaders();
                $this->outputHeader();
 
-               $oldName = $wgUser->getName();
-               $wgUser->logout();
+               $out = $this->getOutput();
+               $user = $this->getUser();
+               $request = $this->getRequest();
 
-               $wgOut->addWikiMsg( 'logouttext' );
+               $logoutToken = $request->getVal( 'logoutToken' );
+               $urlParams = [
+                       'logoutToken' => $user->getEditToken( 'logoutToken', $request )
+               ] + $request->getValues();
+               unset( $urlParams['title'] );
+               $continueLink = $this->getFullTitle()->getFullUrl( $urlParams );
+
+               if ( $logoutToken === null ) {
+                       $this->getOutput()->addWikiMsg( 'userlogout-continue', $continueLink );
+                       return;
+               }
+               if ( !$this->getUser()->matchEditToken(
+                       $logoutToken, 'logoutToken', $this->getRequest(), 24 * 60 * 60
+               ) ) {
+                       $this->getOutput()->addWikiMsg( 'userlogout-sessionerror', $continueLink );
+                       return;
+               }
+
+               // Make sure it's possible to log out
+               $session = MediaWiki\Session\SessionManager::getGlobalSession();
+               if ( !$session->canSetUser() ) {
+                       throw new ErrorPageError(
+                               'cannotlogoutnow-title',
+                               'cannotlogoutnow-text',
+                               [
+                                       $session->getProvider()->describe( RequestContext::getMain()->getLanguage() )
+                               ]
+                       );
+               }
+
+               $user = $this->getUser();
+               $oldName = $user->getName();
+
+               $user->logout();
+
+               $loginURL = SpecialPage::getTitleFor( 'Userlogin' )->getFullURL(
+                       $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
+
+               $out = $this->getOutput();
+               $out->addWikiMsg( 'logouttext', $loginURL );
 
                // Hook.
                $injected_html = '';
-               wfRunHooks( 'UserLogoutComplete', array( &$wgUser, &$injected_html, $oldName ) );
-               $wgOut->addHTML( $injected_html );
+               Hooks::run( 'UserLogoutComplete', [ &$user, &$injected_html, $oldName ] );
+               $out->addHTML( $injected_html );
+
+               $out->returnToMain();
+       }
 
-               $wgOut->returnToMain();
+       protected function getGroupName() {
+               return 'login';
        }
 }
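Review bot: The continue link built at `$urlParams = [ 'logoutToken' => ... ] + $request->getValues();` copies every request parameter into a URL that also carries the logout token, whereas the login link further down in `execute()` forwards only `returnto` and `returntoquery`. Using the same allow-list here, `] + $request->getValues( 'returnto', 'returntoquery' );`, would keep unrelated (possibly POSTed) values out of a query string that ends up in browser history and access logs; any other parameter the page is meant to preserve should be added explicitly. The array union does make the freshly generated token win over a `logoutToken` supplied in the request, and that deserves a comment such as `// union keeps our token; a logoutToken from the request is discarded`. Separately, `$out`, `$user` and `$request` are assigned before the token check, yet the later code calls `$this->getOutput()`, `$this->getUser()` and `$this->getRequest()` again and reassigns `$user` and `$out`; using the locals throughout would make it easier to see that the token is verified against the same user that is then logged out.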