HTMLForm.php

<?php

/**
 * HTML form generation and submission handling.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 */

/**
 * Object handling generic submission, CSRF protection, layout and
 * other logic for UI forms. in a reusable manner.
 *
 * In order to generate the form, the HTMLForm object takes an array
 * structure detailing the form fields available. Each element of the
 * array is a basic property-list, including the type of field, the
 * label it is to be given in the form, callbacks for validation and
 * 'filtering', and other pertinent information.
 *
 * Field types are implemented as subclasses of the generic HTMLFormField
 * object, and typically implement at least getInputHTML, which generates
 * the HTML for the input field to be placed in the table.
 *
 * You can find extensive documentation on the www.mediawiki.org wiki:
 *  - https://www.mediawiki.org/wiki/HTMLForm
 *  - https://www.mediawiki.org/wiki/HTMLForm/tutorial
 *
 * The constructor input is an associative array of $fieldname => $info,
 * where $info is an Associative Array with any of the following:
 *
 *    'class'               -- the subclass of HTMLFormField that will be used
 *                             to create the object.  *NOT* the CSS class!
 *    'type'                -- roughly translates into the <select> type attribute.
 *                             if 'class' is not specified, this is used as a map
 *                             through HTMLForm::$typeMappings to get the class name.
 *    'default'             -- default value when the form is displayed
 *    'id'                  -- HTML id attribute
 *    'cssclass'            -- CSS class
 *    'csshelpclass'        -- CSS class used to style help text
 *    'dir'                 -- Direction of the element.
 *    'options'             -- associative array mapping labels to values.
 *                             Some field types support multi-level arrays.
 *    'options-messages'    -- associative array mapping message keys to values.
 *                             Some field types support multi-level arrays.
 *    'options-message'     -- message key to be parsed to extract the list of
 *                             options (like 'ipbreason-dropdown').
 *    'label-message'       -- message key for a message to use as the label.
 *                             can be an array of msg key and then parameters to
 *                             the message.
 *    'label'               -- alternatively, a raw text message. Overridden by
 *                             label-message
 *    'help'                -- message text for a message to use as a help text.
 *    'help-message'        -- message key for a message to use as a help text.
 *                             can be an array of msg key and then parameters to
 *                             the message.
 *                             Overwrites 'help-messages' and 'help'.
 *    'help-messages'       -- array of message key. As above, each item can
 *                             be an array of msg key and then parameters.
 *                             Overwrites 'help'.
 *    'required'            -- passed through to the object, indicating that it
 *                             is a required field.
 *    'size'                -- the length of text fields
 *    'filter-callback      -- a function name to give you the chance to
 *                             massage the inputted value before it's processed.
 *                             @see HTMLFormField::filter()
 *    'validation-callback' -- a function name to give you the chance
 *                             to impose extra validation on the field input.
 *                             @see HTMLFormField::validate()
 *    'name'                -- By default, the 'name' attribute of the input field
 *                             is "wp{$fieldname}".  If you want a different name
 *                             (eg one without the "wp" prefix), specify it here and
 *                             it will be used without modification.
 *    'hide-if'             -- expression given as an array stating when the field
 *                             should be hidden. The first array value has to be the
 *                             expression's logic operator. Supported expressions:
 *                               'NOT'
 *                                 [ 'NOT', array $expression ]
 *                                 To hide a field if a given expression is not true.
 *                               '==='
 *                                 [ '===', string $fieldName, string $value ]
 *                                 To hide a field if another field identified by
 *                                 $field has the value $value.
 *                               '!=='
 *                                 [ '!==', string $fieldName, string $value ]
 *                                 Same as [ 'NOT', [ '===', $fieldName, $value ]
 *                               'OR', 'AND', 'NOR', 'NAND'
 *                                 [ 'XXX', array $expression1, ..., array $expressionN ]
 *                                 To hide a field if one or more (OR), all (AND),
 *                                 neither (NOR) or not all (NAND) given expressions
 *                                 are evaluated as true.
 *                             The expressions will be given to a JavaScript frontend
 *                             module which will continually update the field's
 *                             visibility.
 *
 * Since 1.20, you can chain mutators to ease the form generation:
 * @par Example:
 * @code
 * $form = new HTMLForm( $someFields );
 * $form->setMethod( 'get' )
 *      ->setWrapperLegendMsg( 'message-key' )
 *      ->prepareForm()
 *      ->displayForm( '' );
 * @endcode
 * Note that you will have prepareForm and displayForm at the end. Other
 * methods call done after that would simply not be part of the form :(
 *
 * @todo Document 'section' / 'subsection' stuff
 */
class HTMLForm extends ContextSource {
	// A mapping of 'type' inputs onto standard HTMLFormField subclasses
	public static $typeMappings = array(
		'api' => 'HTMLApiField',
		'text' => 'HTMLTextField',
		'textwithbutton' => 'HTMLTextFieldWithButton',
		'textarea' => 'HTMLTextAreaField',
		'select' => 'HTMLSelectField',
		'radio' => 'HTMLRadioField',
		'multiselect' => 'HTMLMultiSelectField',
		'limitselect' => 'HTMLSelectLimitField',
		'check' => 'HTMLCheckField',
		'toggle' => 'HTMLCheckField',
		'int' => 'HTMLIntField',
		'float' => 'HTMLFloatField',
		'info' => 'HTMLInfoField',
		'selectorother' => 'HTMLSelectOrOtherField',
		'selectandother' => 'HTMLSelectAndOtherField',
		'namespaceselect' => 'HTMLSelectNamespace',
		'namespaceselectwithbutton' => 'HTMLSelectNamespaceWithButton',
		'tagfilter' => 'HTMLTagFilter',
		'submit' => 'HTMLSubmitField',
		'hidden' => 'HTMLHiddenField',
		'edittools' => 'HTMLEditTools',
		'checkmatrix' => 'HTMLCheckMatrix',
		'cloner' => 'HTMLFormFieldCloner',
		'autocompleteselect' => 'HTMLAutoCompleteSelectField',
		// HTMLTextField will output the correct type="" attribute automagically.
		// There are about four zillion other HTML5 input types, like range, but
		// we don't use those at the moment, so no point in adding all of them.
		'email' => 'HTMLTextField',
		'password' => 'HTMLTextField',
		'url' => 'HTMLTextField',
		'title' => 'HTMLTitleTextField',
		'user' => 'HTMLUserTextField',
	);

	public $mFieldData;

	protected $mMessagePrefix;

	/** @var HTMLFormField[] */
	protected $mFlatFields;

	protected $mFieldTree;
	protected $mShowReset = false;
	protected $mShowSubmit = true;
	protected $mSubmitFlags = array( 'constructive', 'primary' );

	protected $mSubmitCallback;
	protected $mValidationErrorMessage;

	protected $mPre = '';
	protected $mHeader = '';
	protected $mFooter = '';
	protected $mSectionHeaders = array();
	protected $mSectionFooters = array();
	protected $mPost = '';
	protected $mId;
	protected $mTableId = '';

	protected $mSubmitID;
	protected $mSubmitName;
	protected $mSubmitText;
	protected $mSubmitTooltip;

	protected $mTitle;
	protected $mMethod = 'post';
	protected $mWasSubmitted = false;

	/**
	 * Form action URL. false means we will use the URL to set Title
	 * @since 1.19
	 * @var bool|string
	 */
	protected $mAction = false;

	protected $mUseMultipart = false;
	protected $mHiddenFields = array();
	protected $mButtons = array();

	protected $mWrapperLegend = false;

	/**
	 * Salt for the edit token.
	 * @var string|array
	 */
	protected $mTokenSalt = '';

	/**
	 * If true, sections that contain both fields and subsections will
	 * render their subsections before their fields.
	 *
	 * Subclasses may set this to false to render subsections after fields
	 * instead.
	 */
	protected $mSubSectionBeforeFields = true;

	/**
	 * Format in which to display form. For viable options,
	 * @see $availableDisplayFormats
	 * @var string
	 */
	protected $displayFormat = 'table';

	/**
	 * Available formats in which to display the form
	 * @var array
	 */
	protected $availableDisplayFormats = array(
		'table',
		'div',
		'raw',
		'inline',
	);

	/**
	 * Available formats in which to display the form
	 * @var array
	 */
	protected $availableSubclassDisplayFormats = array(
		'vform',
		'ooui',
	);

	/**
	 * Construct a HTMLForm object for given display type. May return a HTMLForm subclass.
	 *
	 * @param string $displayFormat
	 * @param mixed $arguments... Additional arguments to pass to the constructor.
	 * @return HTMLForm
	 */
	public static function factory( $displayFormat/*, $arguments...*/ ) {
		$arguments = func_get_args();
		array_shift( $arguments );

		switch ( $displayFormat ) {
			case 'vform':
				$reflector = new ReflectionClass( 'VFormHTMLForm' );
				return $reflector->newInstanceArgs( $arguments );
			case 'ooui':
				$reflector = new ReflectionClass( 'OOUIHTMLForm' );
				return $reflector->newInstanceArgs( $arguments );
			default:
				$reflector = new ReflectionClass( 'HTMLForm' );
				$form = $reflector->newInstanceArgs( $arguments );
				$form->setDisplayFormat( $displayFormat );
				return $form;
		}
	}

	/**
	 * Build a new HTMLForm from an array of field attributes
	 *
	 * @param array $descriptor Array of Field constructs, as described above
	 * @param IContextSource $context Available since 1.18, will become compulsory in 1.18.
	 *     Obviates the need to call $form->setTitle()
	 * @param string $messagePrefix A prefix to go in front of default messages
	 */
	public function __construct( $descriptor, /*IContextSource*/ $context = null,
		$messagePrefix = ''
	) {
		if ( $context instanceof IContextSource ) {
			$this->setContext( $context );
			$this->mTitle = false; // We don't need them to set a title
			$this->mMessagePrefix = $messagePrefix;
		} elseif ( is_null( $context ) && $messagePrefix !== '' ) {
			$this->mMessagePrefix = $messagePrefix;
		} elseif ( is_string( $context ) && $messagePrefix === '' ) {
			// B/C since 1.18
			// it's actually $messagePrefix
			$this->mMessagePrefix = $context;
		}

		// Evil hack for mobile :(
		if (
			!$this->getConfig()->get( 'HTMLFormAllowTableFormat' )
			&& $this->displayFormat === 'table'
		) {
			$this->displayFormat = 'div';
		}

		// Expand out into a tree.
		$loadedDescriptor = array();
		$this->mFlatFields = array();

		foreach ( $descriptor as $fieldname => $info ) {
			$section = isset( $info['section'] )
				? $info['section']
				: '';

			if ( isset( $info['type'] ) && $info['type'] == 'file' ) {
				$this->mUseMultipart = true;
			}

			$field = static::loadInputFromParameters( $fieldname, $info, $this );

			$setSection =& $loadedDescriptor;
			if ( $section ) {
				$sectionParts = explode( '/', $section );

				while ( count( $sectionParts ) ) {
					$newName = array_shift( $sectionParts );

					if ( !isset( $setSection[$newName] ) ) {
						$setSection[$newName] = array();
					}

					$setSection =& $setSection[$newName];
				}
			}

			$setSection[$fieldname] = $field;
			$this->mFlatFields[$fieldname] = $field;
		}

		$this->mFieldTree = $loadedDescriptor;
	}

	/**
	 * Set format in which to display the form
	 *
	 * @param string $format The name of the format to use, must be one of
	 *   $this->availableDisplayFormats
	 *
	 * @throws MWException
	 * @since 1.20
	 * @return HTMLForm $this for chaining calls (since 1.20)
	 */
	public function setDisplayFormat( $format ) {
		if (
			in_array( $format, $this->availableSubclassDisplayFormats ) ||
			in_array( $this->displayFormat, $this->availableSubclassDisplayFormats )
		) {
			throw new MWException( 'Cannot change display format after creation, ' .
				'use HTMLForm::factory() instead' );
		}

		if ( !in_array( $format, $this->availableDisplayFormats ) ) {
			throw new MWException( 'Display format must be one of ' .
				print_r( $this->availableDisplayFormats, true ) );
		}

		// Evil hack for mobile :(
		if ( !$this->getConfig()->get( 'HTMLFormAllowTableFormat' ) && $format === 'table' ) {
			$format = 'div';
		}

		$this->displayFormat = $format;

		return $this;
	}

	/**
	 * Getter for displayFormat
	 * @since 1.20
	 * @return string
	 */
	public function getDisplayFormat() {
		return $this->displayFormat;
	}

	/**
	 * Test if displayFormat is 'vform'
	 * @since 1.22
	 * @deprecated since 1.25
	 * @return bool
	 */
	public function isVForm() {
		wfDeprecated( __METHOD__, '1.25' );
		return false;
	}

	/**
	 * Get the HTMLFormField subclass for this descriptor.
	 *
	 * The descriptor can be passed either 'class' which is the name of
	 * a HTMLFormField subclass, or a shorter 'type' which is an alias.
	 * This makes sure the 'class' is always set, and also is returned by
	 * this function for ease.
	 *
	 * @since 1.23
	 *
	 * @param string $fieldname Name of the field
	 * @param array $descriptor Input Descriptor, as described above
	 *
	 * @throws MWException
	 * @return string Name of a HTMLFormField subclass
	 */
	public static function getClassFromDescriptor( $fieldname, &$descriptor ) {
		if ( isset( $descriptor['class'] ) ) {
			$class = $descriptor['class'];
		} elseif ( isset( $descriptor['type'] ) ) {
			$class = static::$typeMappings[$descriptor['type']];
			$descriptor['class'] = $class;
		} else {
			$class = null;
		}

		if ( !$class ) {
			throw new MWException( "Descriptor with no class for $fieldname: "
				. print_r( $descriptor, true ) );
		}

		return $class;
	}

	/**
	 * Initialise a new Object for the field
	 *
	 * @param string $fieldname Name of the field
	 * @param array $descriptor Input Descriptor, as described above
	 * @param HTMLForm|null $parent Parent instance of HTMLForm
	 *
	 * @throws MWException
	 * @return HTMLFormField Instance of a subclass of HTMLFormField
	 */
	public static function loadInputFromParameters( $fieldname, $descriptor,
		HTMLForm $parent = null
	) {
		$class = static::getClassFromDescriptor( $fieldname, $descriptor );

		$descriptor['fieldname'] = $fieldname;
		if ( $parent ) {
			$descriptor['parent'] = $parent;
		}

		# @todo This will throw a fatal error whenever someone try to use
		# 'class' to feed a CSS class instead of 'cssclass'. Would be
		# great to avoid the fatal error and show a nice error.
		$obj = new $class( $descriptor );

		return $obj;
	}

	/**
	 * Prepare form for submission.
	 *
	 * @attention When doing method chaining, that should be the very last
	 * method call before displayForm().
	 *
	 * @throws MWException
	 * @return HTMLForm $this for chaining calls (since 1.20)
	 */
	function prepareForm() {
		# Check if we have the info we need
		if ( !$this->mTitle instanceof Title && $this->mTitle !== false ) {
			throw new MWException( "You must call setTitle() on an HTMLForm" );
		}

		# Load data from the request.
		$this->loadData();

		return $this;
	}

	/**
	 * Try submitting, with edit token check first
	 * @return Status|bool
	 */
	function tryAuthorizedSubmit() {
		$result = false;

		$submit = false;
		if ( $this->getMethod() != 'post' ) {
			$submit = true; // no session check needed
		} elseif ( $this->getRequest()->wasPosted() ) {
			$editToken = $this->getRequest()->getVal( 'wpEditToken' );
			if ( $this->getUser()->isLoggedIn() || $editToken != null ) {
				// Session tokens for logged-out users have no security value.
				// However, if the user gave one, check it in order to give a nice
				// "session expired" error instead of "permission denied" or such.
				$submit = $this->getUser()->matchEditToken( $editToken, $this->mTokenSalt );
			} else {
				$submit = true;
			}
		}

		if ( $submit ) {
			$this->mWasSubmitted = true;
			$result = $this->trySubmit();
		}

		return $result;
	}

	/**
	 * The here's-one-I-made-earlier option: do the submission if
	 * posted, or display the form with or without funky validation
	 * errors
	 * @return bool|Status Whether submission was successful.
	 */
	function show() {
		$this->prepareForm();

		$result = $this->tryAuthorizedSubmit();
		if ( $result === true || ( $result instanceof Status && $result->isGood() ) ) {
			return $result;
		}

		$this->displayForm( $result );

		return false;
	}

	/**
	 * Validate all the fields, and call the submission callback
	 * function if everything is kosher.
	 * @throws MWException
	 * @return bool|string|array|Status
	 *     - Bool true or a good Status object indicates success,
	 *     - Bool false indicates no submission was attempted,
	 *     - Anything else indicates failure. The value may be a fatal Status
	 *       object, an HTML string, or an array of arrays (message keys and
	 *       params) or strings (message keys)
	 */
	function trySubmit() {
		$this->mWasSubmitted = true;

		# Check for cancelled submission
		foreach ( $this->mFlatFields as $fieldname => $field ) {
			if ( !empty( $field->mParams['nodata'] ) ) {
				continue;
			}
			if ( $field->cancelSubmit( $this->mFieldData[$fieldname], $this->mFieldData ) ) {
				$this->mWasSubmitted = false;
				return false;
			}
		}

		# Check for validation
		foreach ( $this->mFlatFields as $fieldname => $field ) {
			if ( !empty( $field->mParams['nodata'] ) ) {
				continue;
			}
			if ( $field->isHidden( $this->mFieldData ) ) {
				continue;
			}
			if ( $field->validate(
					$this->mFieldData[$fieldname],
					$this->mFieldData )
				!== true
			) {
				return isset( $this->mValidationErrorMessage )
					? $this->mValidationErrorMessage
					: array( 'htmlform-invalid-input' );
			}
		}

		$callback = $this->mSubmitCallback;
		if ( !is_callable( $callback ) ) {
			throw new MWException( 'HTMLForm: no submit callback provided. Use ' .
				'setSubmitCallback() to set one.' );
		}

		$data = $this->filterDataForSubmit( $this->mFieldData );

		$res = call_user_func( $callback, $data, $this );
		if ( $res === false ) {
			$this->mWasSubmitted = false;
		}

		return $res;
	}

	/**
	 * Test whether the form was considered to have been submitted or not, i.e.
	 * whether the last call to tryAuthorizedSubmit or trySubmit returned
	 * non-false.
	 *
	 * This will return false until HTMLForm::tryAuthorizedSubmit or
	 * HTMLForm::trySubmit is called.
	 *
	 * @since 1.23
	 * @return bool
	 */
	function wasSubmitted() {
		return $this->mWasSubmitted;
	}

	/**
	 * Set a callback to a function to do something with the form
	 * once it's been successfully validated.
	 *
	 * @param callable $cb The function will be passed the output from
	 *   HTMLForm::filterDataForSubmit and this HTMLForm object, and must
	 *   return as documented for HTMLForm::trySubmit
	 *
	 * @return HTMLForm $this for chaining calls (since 1.20)
	 */
	function setSubmitCallback( $cb ) {
		$this->mSubmitCallback = $cb;

		return $this;
	}

	/**
	 * Set a message to display on a validation error.
	 *
	 * @param string|array $msg String or Array of valid inputs to wfMessage()
	 *     (so each entry can be either a String or Array)
	 *
	 * @return HTMLForm $this for chaining calls (since 1.20)
	 */
	function setValidationErrorMessage( $msg ) {
		$this->mValidationErrorMessage = $msg;

		return $this;
	}

	/**
	 * Set the introductory message, overwriting any existing message.
	 *
	 * @param string $msg Complete text of message to display
	 *
	 * @return HTMLForm $this for chaining calls (since 1.20)
	 */
	function setIntro( $msg ) {
		$this->setPreText( $msg );

		return $this;
	}

	/**
	 * Set the introductory message, overwriting any existing message.
	 * @since 1.19
	 *
	 * @param string $msg Complete text of message to display
	 *
	 * @return HTMLForm $this for chaining calls (since 1.20)
	 */
	function setPreText( $msg ) {
		$this->mPre = $msg;

		return $this;
	}

	/**
	 * Add introductory text.
	 *
	 * @param string $msg Complete text of message to display
	 *
	 * @return HTMLForm $this for chaining calls (since 1.20)
	 */
	function addPreText( $msg ) {
		$this->mPre .= $msg;

		return $this;
	}

	/**
	 * Add header text, inside the form.
	 *
	 * @param string $msg Complete text of message to display
	 * @param string|null $section The section to add the header to
	 *
	 * @return HTMLForm $this for chaining calls (since 1.20)
	 */
	function addHeaderText( $msg, $section = null ) {
		if ( is_null( $section ) ) {
			$this->mHeader .= $msg;
		} else {
			if ( !isset( $this->mSectionHeaders[$section] ) ) {
				$this->mSectionHeaders[$section] = '';
			}
			$this->mSectionHeaders[$section] .= $msg;
		}

		return $this;
	}

	/**
	 * Set header text, inside the form.
	 * @since 1.19
	 *
	 * @param string $msg Complete text of message to display
	 * @param string|null $section The section to add the header to
	 *
	 * @return HTMLForm $this for chaining calls (since 1.20)
	 */
	function setHeaderText( $msg, $section = null ) {
		if ( is_null( $section ) ) {
			$this->mHeader = $msg;
		} else {
			$this->mSectionHeaders[$section] = $msg;
		}

		return $this;
	}

	/**
	 * Get header text.
	 *
	 * @param string|null $section The section to get the header text for
	 * @since 1.26
	 * @return string
	 */
	function getHeaderText( $section = null ) {
		if ( is_null( $section ) ) {
			return $this->mHeader;
		} else {
			return isset( $this->mSectionHeaders[$section] ) ? $this->mSectionHeaders[$section] : '';
		}
	}

	/**
	 * Add footer text, inside the form.
	 *
	 * @param string $msg Complete text of message to display
	 * @param string|null $section The section to add the footer text to
	 *
	 * @return HTMLForm $this for chaining calls (since 1.20)
	 */
	function addFooterText( $msg, $section = null ) {
		if ( is_null( $section ) ) {
			$this->mFooter .= $msg;
		} else {
			if ( !isset( $this->mSectionFooters[$section] ) ) {
				$this->mSectionFooters[$section] = '';
			}
			$this->mSectionFooters[$section] .= $msg;
		}

		return $this;
	}

	/**
	 * Set footer text, inside the form.
	 * @since 1.19
	 *
	 * @param string $msg Complete text of message to display
	 * @param string|null $section The section to add the footer text to
	 *
	 * @return HTMLForm $this for chaining calls (since 1.20)
	 */
	function setFooterText( $msg, $section = null ) {
		if ( is_null( $section ) ) {
			$this->mFooter = $msg;
		} else {
			$this->mSectionFooters[$section] = $msg;
		}

		return $this;
	}

	/**
	 * Get footer text.
	 *
	 * @param string|null $section The section to get the footer text for
	 * @since 1.26
	 * @return string
	 */
	function getFooterText( $section = null ) {
		if ( is_null( $section ) ) {
			return $this->mFooter;
		} else {
			return isset( $this->mSectionFooters[$section] ) ? $this->mSectionFooters[$section] : '';
		}
	}

	/**
	 * Add text to the end of the display.
	 *
	 * @param string $msg Complete text of message to display
	 *
	 * @return HTMLForm $this for chaining calls (since 1.20)
	 */
	function addPostText( $msg ) {
		$this->mPost .= $msg;

		return $this;
	}

	/**
	 * Set text at the end of the display.
	 *
	 * @param string $msg Complete text of message to display
	 *
	 * @return HTMLForm $this for chaining calls (since 1.20)
	 */
	function setPostText( $msg ) {
		$this->mPost = $msg;

		return $this;
	}

	/**
	 * Add a hidden field to the output
	 *
	 * @param string $name Field name.  This will be used exactly as entered
	 * @param string $value Field value
	 * @param array $attribs
	 *
	 * @return HTMLForm $this for chaining calls (since 1.20)
	 */
	public function addHiddenField( $name, $value, $attribs = array() ) {
		$attribs += array( 'name' => $name );
		$this->mHiddenFields[] = array( $value, $attribs );

		return $this;
	}

	/**
	 * Add an array of hidden fields to the output
	 *
	 * @since 1.22
	 *
	 * @param array $fields Associative array of fields to add;
	 *        mapping names to their values
	 *
	 * @return HTMLForm $this for chaining calls
	 */
	public function addHiddenFields( array $fields ) {
		foreach ( $fields as $name => $value ) {
			$this->mHiddenFields[] = array( $value, array( 'name' => $name ) );
		}

		return $this;
	}

	/**
	 * Add a button to the form
	 *
	 * @param string $name Field name.
	 * @param string $value Field value
	 * @param string $id DOM id for the button (default: null)
	 * @param array $attribs
	 *
	 * @return HTMLForm $this for chaining calls (since 1.20)
	 */
	public function addButton( $name, $value, $id = null, $attribs = null ) {
		$this->mButtons[] = compact( 'name', 'value', 'id', 'attribs' );

		return $this;
	}

	/**
	 * Set the salt for the edit token.
	 *
	 * Only useful when the method is "post".
	 *
	 * @since 1.24
	 * @param string|array $salt Salt to use
	 * @return HTMLForm $this For chaining calls
	 */
	public function setTokenSalt( $salt ) {
		$this->mTokenSalt = $salt;

		return $this;
	}

	/**
	 * Display the form (sending to the context's OutputPage object), with an
	 * appropriate error message or stack of messages, and any validation errors, etc.
	 *
	 * @attention You should call prepareForm() before calling this function.
	 * Moreover, when doing method chaining this should be the very last method
	 * call just after prepareForm().
	 *
	 * @param bool|string|array|Status $submitResult Output from HTMLForm::trySubmit()
	 *
	 * @return void Nothing, should be last call
	 */
	function displayForm( $submitResult ) {
		$this->getOutput()->addHTML( $this->getHTML( $submitResult ) );
	}

	/**
	 * Returns the raw HTML generated by the form
	 *
	 * @param bool|string|array|Status $submitResult Output from HTMLForm::trySubmit()
	 *
	 * @return string
	 */
	function getHTML( $submitResult ) {
		# For good measure (it is the default)
		$this->getOutput()->preventClickjacking();
		$this->getOutput()->addModules( 'mediawiki.htmlform' );
		$this->getOutput()->addModuleStyles( 'mediawiki.htmlform.styles' );

		$html = ''
			. $this->getErrors( $submitResult )
			. $this->getHeaderText()
			. $this->getBody()
			. $this->getHiddenFields()
			. $this->getButtons()
			. $this->getFooterText();

		$html = $this->wrapForm( $html );

		return '' . $this->mPre . $html . $this->mPost;
	}

	/**
	 * Get HTML attributes for the `<form>` tag.
	 * @return array
	 */
	protected function getFormAttributes() {
		# Use multipart/form-data
		$encType = $this->mUseMultipart
			? 'multipart/form-data'
			: 'application/x-www-form-urlencoded';
		# Attributes
		$attribs = array(
			'action' => $this->getAction(),
			'method' => $this->getMethod(),
			'enctype' => $encType,
		);
		if ( !empty( $this->mId ) ) {
			$attribs['id'] = $this->mId;
		}
		return $attribs;
	}

	/**
	 * Wrap the form innards in an actual "<form>" element
	 *
	 * @param string $html HTML contents to wrap.
	 *
	 * @return string Wrapped HTML.
	 */
	function wrapForm( $html ) {
		# Include a <fieldset> wrapper for style, if requested.
		if ( $this->mWrapperLegend !== false ) {
			$legend = is_string( $this->mWrapperLegend ) ? $this->mWrapperLegend : false;
			$html = Xml::fieldset( $legend, $html );
		}

		return Html::rawElement( 'form', $this->getFormAttributes() + array( 'class' => 'visualClear' ), $html );
	}

	/**
	 * Get the hidden fields that should go inside the form.
	 * @return string HTML.
	 */
	function getHiddenFields() {
		$html = '';
		if ( $this->getMethod() == 'post' ) {
			$html .= Html::hidden(
				'wpEditToken',
				$this->getUser()->getEditToken( $this->mTokenSalt ),
				array( 'id' => 'wpEditToken' )
			) . "\n";
			$html .= Html::hidden( 'title', $this->getTitle()->getPrefixedText() ) . "\n";
		}

		$articlePath = $this->getConfig()->get( 'ArticlePath' );
		if ( strpos( $articlePath, '?' ) !== false && $this->getMethod() == 'get' ) {
			$html .= Html::hidden( 'title', $this->getTitle()->getPrefixedText() ) . "\n";
		}

		foreach ( $this->mHiddenFields as $data ) {
			list( $value, $attribs ) = $data;
			$html .= Html::hidden( $attribs['name'], $value, $attribs ) . "\n";
		}

		return $html;
	}

	/**
	 * Get the submit and (potentially) reset buttons.
	 * @return string HTML.
	 */
	function getButtons() {
		$buttons = '';
		$useMediaWikiUIEverywhere = $this->getConfig()->get( 'UseMediaWikiUIEverywhere' );

		if ( $this->mShowSubmit ) {
			$attribs = array();

			if ( isset( $this->mSubmitID ) ) {
				$attribs['id'] = $this->mSubmitID;
			}

			if ( isset( $this->mSubmitName ) ) {
				$attribs['name'] = $this->mSubmitName;
			}