diff options
Diffstat (limited to 'includes/api/ApiQueryUserInfo.php')
-rw-r--r-- | includes/api/ApiQueryUserInfo.php | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/includes/api/ApiQueryUserInfo.php b/includes/api/ApiQueryUserInfo.php index 1a491eca..3c85ea69 100644 --- a/includes/api/ApiQueryUserInfo.php +++ b/includes/api/ApiQueryUserInfo.php @@ -104,12 +104,15 @@ class ApiQueryUserInfo extends ApiQueryBase { } if ( isset( $this->prop['preferencestoken'] ) && - is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) + is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) && + $user->isAllowed( 'editmyoptions' ) ) { $vals['preferencestoken'] = $user->getEditToken( '', $this->getMain()->getRequest() ); } if ( isset( $this->prop['editcount'] ) ) { + // use intval to prevent null if a non-logged-in user calls + // api.php?format=jsonfm&action=query&meta=userinfo&uiprop=editcount $vals['editcount'] = intval( $user->getEditCount() ); } @@ -121,11 +124,13 @@ class ApiQueryUserInfo extends ApiQueryBase { $vals['realname'] = $user->getRealName(); } - if ( isset( $this->prop['email'] ) ) { - $vals['email'] = $user->getEmail(); - $auth = $user->getEmailAuthenticationTimestamp(); - if ( !is_null( $auth ) ) { - $vals['emailauthenticated'] = wfTimestamp( TS_ISO_8601, $auth ); + if ( $user->isAllowed( 'viewmyprivateinfo' ) ) { + if ( isset( $this->prop['email'] ) ) { + $vals['email'] = $user->getEmail(); + $auth = $user->getEmailAuthenticationTimestamp(); + if ( !is_null( $auth ) ) { + $vals['emailauthenticated'] = wfTimestamp( TS_ISO_8601, $auth ); + } } } @@ -167,8 +172,9 @@ class ApiQueryUserInfo extends ApiQueryBase { if ( $user->isNewbie() ) { $categories[] = 'ip'; $categories[] = 'subnet'; - if ( !$user->isAnon() ) + if ( !$user->isAnon() ) { $categories[] = 'newbie'; + } } $categories = array_merge( $categories, $user->getGroups() ); |