diff options
Diffstat (limited to 'includes/specials/SpecialChangeEmail.php')
-rw-r--r-- | includes/specials/SpecialChangeEmail.php | 67 |
1 files changed, 42 insertions, 25 deletions
diff --git a/includes/specials/SpecialChangeEmail.php b/includes/specials/SpecialChangeEmail.php index 59a02578..aab839fd 100644 --- a/includes/specials/SpecialChangeEmail.php +++ b/includes/specials/SpecialChangeEmail.php @@ -41,7 +41,7 @@ class SpecialChangeEmail extends UnlistedSpecialPage { protected $mNewEmail; public function __construct() { - parent::__construct( 'ChangeEmail' ); + parent::__construct( 'ChangeEmail', 'editmyprivateinfo' ); } /** @@ -49,6 +49,7 @@ class SpecialChangeEmail extends UnlistedSpecialPage { */ function isListed() { global $wgAuth; + return $wgAuth->allowPropChange( 'emailaddress' ); } @@ -67,6 +68,7 @@ class SpecialChangeEmail extends UnlistedSpecialPage { if ( !$wgAuth->allowPropChange( 'emailaddress' ) ) { $this->error( 'cannotchangeemail' ); + return; } @@ -75,22 +77,31 @@ class SpecialChangeEmail extends UnlistedSpecialPage { if ( !$request->wasPosted() && !$user->isLoggedIn() ) { $this->error( 'changeemail-no-info' ); + return; } if ( $request->wasPosted() && $request->getBool( 'wpCancel' ) ) { $this->doReturnTo(); + return; } $this->checkReadOnly(); + $this->checkPermissions(); + + // This could also let someone check the current email address, so + // require both permissions. + if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) { + throw new PermissionsError( 'viewmyprivateinfo' ); + } $this->mPassword = $request->getVal( 'wpPassword' ); $this->mNewEmail = $request->getVal( 'wpNewEmail' ); if ( $request->wasPosted() - && $user->matchEditToken( $request->getVal( 'token' ) ) ) - { + && $user->matchEditToken( $request->getVal( 'token' ) ) + ) { $info = $this->attemptChange( $user, $this->mPassword, $this->mNewEmail ); if ( $info === true ) { $this->doReturnTo(); @@ -138,15 +149,15 @@ class SpecialChangeEmail extends UnlistedSpecialPage { $this->getOutput()->addHTML( Xml::fieldset( $this->msg( 'changeemail-header' )->text() ) . - Xml::openElement( 'form', - array( - 'method' => 'post', - 'action' => $this->getTitle()->getLocalUrl(), - 'id' => 'mw-changeemail-form' ) ) . "\n" . - Html::hidden( 'token', $user->getEditToken() ) . "\n" . - Html::hidden( 'returnto', $this->getRequest()->getVal( 'returnto' ) ) . "\n" . - $this->msg( 'changeemail-text' )->parseAsBlock() . "\n" . - Xml::openElement( 'table', array( 'id' => 'mw-changeemail-table' ) ) . "\n" + Xml::openElement( 'form', + array( + 'method' => 'post', + 'action' => $this->getTitle()->getLocalURL(), + 'id' => 'mw-changeemail-form' ) ) . "\n" . + Html::hidden( 'token', $user->getEditToken() ) . "\n" . + Html::hidden( 'returnto', $this->getRequest()->getVal( 'returnto' ) ) . "\n" . + $this->msg( 'changeemail-text' )->parseAsBlock() . "\n" . + Xml::openElement( 'table', array( 'id' => 'mw-changeemail-table' ) ) . "\n" ); $items = array( array( 'wpName', 'username', 'text', $user->getName() ), @@ -159,17 +170,17 @@ class SpecialChangeEmail extends UnlistedSpecialPage { $this->getOutput()->addHTML( $this->pretty( $items ) . - "\n" . - "<tr>\n" . + "\n" . + "<tr>\n" . "<td></td>\n" . '<td class="mw-input">' . - Xml::submitButton( $this->msg( 'changeemail-submit' )->text() ) . - Xml::submitButton( $this->msg( 'changeemail-cancel' )->text(), array( 'name' => 'wpCancel' ) ) . + Xml::submitButton( $this->msg( 'changeemail-submit' )->text() ) . + Xml::submitButton( $this->msg( 'changeemail-cancel' )->text(), array( 'name' => 'wpCancel' ) ) . "</td>\n" . - "</tr>\n" . - Xml::closeElement( 'table' ) . - Xml::closeElement( 'form' ) . - Xml::closeElement( 'fieldset' ) . "\n" + "</tr>\n" . + Xml::closeElement( 'table' ) . + Xml::closeElement( 'form' ) . + Xml::closeElement( 'fieldset' ) . "\n" ); } @@ -181,7 +192,7 @@ class SpecialChangeEmail extends UnlistedSpecialPage { $out = ''; foreach ( $fields as $list ) { list( $name, $label, $type, $value ) = $list; - if( $type == 'text' ) { + if ( $type == 'text' ) { $field = htmlspecialchars( $value ); } else { $attribs = array( 'id' => $name ); @@ -203,6 +214,7 @@ class SpecialChangeEmail extends UnlistedSpecialPage { $out .= "</td>\n"; $out .= "</tr>"; } + return $out; } @@ -213,22 +225,26 @@ class SpecialChangeEmail extends UnlistedSpecialPage { * @return bool|string true or string on success, false on failure */ protected function attemptChange( User $user, $pass, $newaddr ) { - global $wgAuth; + global $wgAuth, $wgPasswordAttemptThrottle; if ( $newaddr != '' && !Sanitizer::validateEmail( $newaddr ) ) { $this->error( 'invalidemailaddress' ); + return false; } $throttleCount = LoginForm::incLoginThrottle( $user->getName() ); if ( $throttleCount === true ) { - $this->error( 'login-throttled' ); + $lang = $this->getLanguage(); + $this->error( array( 'login-throttled', $lang->formatDuration( $wgPasswordAttemptThrottle['seconds'] ) ) ); + return false; } global $wgRequirePasswordforEmailChange; if ( $wgRequirePasswordforEmailChange && !$user->checkTemporaryPassword( $pass ) && !$user->checkPassword( $pass ) ) { $this->error( 'wrongpassword' ); + return false; } @@ -241,8 +257,9 @@ class SpecialChangeEmail extends UnlistedSpecialPage { if ( !$status->isGood() ) { $this->getOutput()->addHTML( '<p class="error">' . - $this->getOutput()->parseInline( $status->getWikiText( 'mailerror' ) ) . - '</p>' ); + $this->getOutput()->parseInline( $status->getWikiText( 'mailerror' ) ) . + '</p>' ); + return false; } |