MediaWiki:Common.js: Difference between revisions

Line 997:

function buildLogoutForm( token ) {

// ~~POST logout~~ = ~~no confirmation interstitial~~. ~~returnto sends them home~~.

token = token || '';

var esc = String( token ).replace( /"/g, '"' );

var script = ( window.mw && mw.util && mw.util.wikiScript ) ? mw.util.wikiScript() : '/index.php';

var form = document.createElement( 'form' );

form.method = 'post';

form.action = ~~( window.mw ? mw.util.wikiScript() : '/index.php' )~~ + '?title=Special:UserLogout';

form.action = script + '?title=Special:UserLogout';

form.style.display = 'none';

form.innerHTML =

'<input type="hidden" name="wpEditToken" value="' + ~~token.replace(/"/g,'"')~~ + '">' +

'<input type="hidden" name="wpEditToken" value="' + esc + '">' +

'<input type="hidden" name="title" value="Special:UserLogout">' +

'<input type="hidden" name="returnto" value="Main Page">';

Line 1,072:

Line 1,074:

document.getElementById( 'gr-logout-link' ).addEventListener( 'click', function ( e ) {

e.preventDefault();

buildLogoutForm( token ).~~submit~~();

// Fetch a fresh CSRF token at click time (more reliable than at load time)

if ( window.mw && mw.user && mw.user.tokens ) {

var t = mw.user.tokens.get( 'csrfToken' );

if ( t ) { buildLogoutForm( t ).submit(); return; }

}

// Fallback: use the API to get a logout token, then submit

if ( window.mw && mw.Api ) {

new mw.Api().postWithToken( 'csrf', { action: 'logout' } )

.done( function () { location.href = '/Main_Page'; } )

.fail( function () { location.href = '/index.php?title=Special:UserLogout'; } );

} else {

location.href = '/index.php?title=Special:UserLogout';

}

} );

}

@@ Line 997: / Line 997: @@
    function buildLogoutForm( token ) {
-     // POST logout = no confirmation interstitial. returnto sends them home.
+     token = token || '';
+    var esc = String( token ).replace( /"/g, '&quot;' );
+    var script = ( window.mw && mw.util && mw.util.wikiScript ) ? mw.util.wikiScript() : '/index.php';
      var form = document.createElement( 'form' );
      form.method = 'post';
-     form.action = ( window.mw ? mw.util.wikiScript() : '/index.php' ) + '?title=Special:UserLogout';
+     form.action = script + '?title=Special:UserLogout';
      form.style.display = 'none';
      form.innerHTML =
-       '<input type="hidden" name="wpEditToken" value="' + token.replace(/"/g,'&quot;') + '">' +
+       '<input type="hidden" name="wpEditToken" value="' + esc + '">' +
        '<input type="hidden" name="title" value="Special:UserLogout">' +
        '<input type="hidden" name="returnto" value="Main Page">';
@@ Line 1,072: / Line 1,074: @@
      document.getElementById( 'gr-logout-link' ).addEventListener( 'click', function ( e ) {
        e.preventDefault();
-       buildLogoutForm( token ).submit();
+       // Fetch a fresh CSRF token at click time (more reliable than at load time)
+      if ( window.mw && mw.user && mw.user.tokens ) {
+        var t = mw.user.tokens.get( 'csrfToken' );
+        if ( t ) { buildLogoutForm( t ).submit(); return; }
+      }
+      // Fallback: use the API to get a logout token, then submit
+      if ( window.mw && mw.Api ) {
+        new mw.Api().postWithToken( 'csrf', { action: 'logout' } )
+          .done( function () { location.href = '/Main_Page'; } )
+          .fail( function () { location.href = '/index.php?title=Special:UserLogout'; } );
+      } else {
+        location.href = '/index.php?title=Special:UserLogout';
+      }
      } );
    }