Diffstat (limited to 'includes/specials/SpecialConfirmemail.php')
-rw-r--r-- | includes/specials/SpecialConfirmemail.php | 101 |
1 files changed, 60 insertions, 41 deletions
diff --git a/includes/specials/SpecialConfirmemail.php b/includes/specials/SpecialConfirmemail.php index 078c3865..3828b1c6 100644 --- a/includes/specials/SpecialConfirmemail.php +++ b/includes/specials/SpecialConfirmemail.php @@ -30,27 +30,30 @@ * @author Rob Church <robchur@gmail.com> */ class EmailConfirmation extends UnlistedSpecialPage { - - /** - * Constructor - */ public function __construct() { - parent::__construct( 'Confirmemail' ); + parent::__construct( 'Confirmemail', 'editmyprivateinfo' ); } /** * Main execution point * - * @param $code Confirmation code passed to the page + * @param null|string $code Confirmation code passed to the page */ function execute( $code ) { $this->setHeaders(); $this->checkReadOnly(); + $this->checkPermissions(); - if( $code === null || $code === '' ) { - if( $this->getUser()->isLoggedIn() ) { - if( Sanitizer::validateEmail( $this->getUser()->getEmail() ) ) { + // This could also let someone check the current email address, so + // require both permissions. + if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) { + throw new PermissionsError( 'viewmyprivateinfo' ); + } + + if ( $code === null || $code === '' ) { + if ( $this->getUser()->isLoggedIn() ) { + if ( Sanitizer::validateEmail( $this->getUser()->getEmail() ) ) { $this->showRequestForm(); } else { $this->getOutput()->addWikiMsg( 'confirmemail_noemail' ); @@ -62,7 +65,9 @@ class EmailConfirmation extends UnlistedSpecialPage { array(), array( 'returnto' => $this->getTitle()->getPrefixedText() ) ); - $this->getOutput()->addHTML( $this->msg( 'confirmemail_needlogin' )->rawParams( $llink )->parse() ); + $this->getOutput()->addHTML( + $this->msg( 'confirmemail_needlogin' )->rawParams( $llink )->parse() + ); } } else { $this->attemptConfirm( $code ); 
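Review bot: The `viewmyprivateinfo` check added at the top of execute() also gates the `$code` branch, where attemptConfirm() only confirms the address and never displays it, so on a wiki that does not grant that right to anonymous users a visitor following the emailed confirmation link is turned away with a PermissionsError before the code is ever looked at. The comment above the check justifies it by the no-code path revealing whether a current address exists, which applies to showRequestForm() only; moving the `if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) )` block inside the `if ( $code === null || $code === '' )` branch keeps that protection while leaving confirmation reachable. `checkPermissions()` still enforces `editmyprivateinfo` for both paths through the constructor argument. execute() continues past the end of the hunk.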
@@ -75,7 +80,10 @@ class EmailConfirmation extends UnlistedSpecialPage { function showRequestForm() { $user = $this->getUser(); $out = $this->getOutput(); - if( $this->getRequest()->wasPosted() && $user->matchEditToken( $this->getRequest()->getText( 'token' ) ) ) { + + if ( $this->getRequest()->wasPosted() && + $user->matchEditToken( $this->getRequest()->getText( 'token' ) ) + ) { $status = $user->sendConfirmationMail(); if ( $status->isGood() ) { $out->addWikiMsg( 'confirmemail_sent' ); @@ -83,7 +91,7 @@ class EmailConfirmation extends UnlistedSpecialPage { $out->addWikiText( $status->getWikiText( 'confirmemail_sendfailed' ) ); } } else { - if( $user->isEmailConfirmed() ) { + if ( $user->isEmailConfirmed() ) { // date and time are separate parameters to facilitate localisation. // $time is kept for backward compat reasons. // 'emailauthenticated' is also used in SpecialPreferences.php 
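Review bot: A POST whose `token` fails `$user->matchEditToken()` is treated exactly like a plain GET and silently redisplays the form, so a user whose session token has expired gets no indication that the mail was not sent. Handling the mismatch explicitly, e.g. `} elseif ( $this->getRequest()->wasPosted() ) { $out->addWikiMsg( 'sessionfailure' ); }` inserted before the existing `else`, makes the rejected request visible instead of looking like a no-op. showRequestForm() continues past the end of the hunk.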
@@ -94,14 +102,22 @@ class EmailConfirmation extends UnlistedSpecialPage { $t = $lang->userTime( $emailAuthenticated, $user ); $out->addWikiMsg( 'emailauthenticated', $time, $d, $t ); } - if( $user->isEmailConfirmationPending() ) { - $out->wrapWikiMsg( "<div class=\"error mw-confirmemail-pending\">\n$1\n</div>", 'confirmemail_pending' ); + + if ( $user->isEmailConfirmationPending() ) { + $out->wrapWikiMsg( + "<div class=\"error mw-confirmemail-pending\">\n$1\n</div>", + 'confirmemail_pending' + ); } + $out->addWikiMsg( 'confirmemail_text' ); - $form = Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->getTitle()->getLocalUrl() ) ); - $form .= Html::hidden( 'token', $user->getEditToken() ); - $form .= Xml::submitButton( $this->msg( 'confirmemail_send' )->text() ); - $form .= Xml::closeElement( 'form' ); + $form = Html::openElement( + 'form', + array( 'method' => 'post', 'action' => $this->getTitle()->getLocalURL() ) + ) . "\n"; + $form .= Html::hidden( 'token', $user->getEditToken() ) . "\n"; + $form .= Xml::submitButton( $this->msg( 'confirmemail_send' )->text() ) . "\n"; + $form .= Html::closeElement( 'form' ) . "\n"; $out->addHTML( $form ); } } 
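Review bot: The rebuilt form mixes helpers: the open/close tags and the hidden token now come from `Html::`, while the submit button still uses `Xml::submitButton`, so the hunk reads as half-migrated. Either keep `Xml::openElement`/`Xml::closeElement` as before or move the button over as well (`Html::input( '', $this->msg( 'confirmemail_send' )->text(), 'submit' )` should yield the same input element, though I have not compared its attribute output with `Xml::submitButton` here). The `"\n"` suffixes only affect HTML source formatting and are fine. showRequestForm() begins and ends outside this hunk.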
@@ -114,20 +130,22 @@ class EmailConfirmation extends UnlistedSpecialPage { */ function attemptConfirm( $code ) { $user = User::newFromConfirmationCode( $code ); - if( is_object( $user ) ) { - $user->confirmEmail(); - $user->saveSettings(); - $message = $this->getUser()->isLoggedIn() ? 'confirmemail_loggedin' : 'confirmemail_success'; - $this->getOutput()->addWikiMsg( $message ); - if( !$this->getUser()->isLoggedIn() ) { - $title = SpecialPage::getTitleFor( 'Userlogin' ); - $this->getOutput()->returnToMain( true, $title ); - } - } else { + if ( !is_object( $user ) ) { $this->getOutput()->addWikiMsg( 'confirmemail_invalid' ); + + return; } - } + $user->confirmEmail(); + $user->saveSettings(); + $message = $this->getUser()->isLoggedIn() ? 'confirmemail_loggedin' : 'confirmemail_success'; + $this->getOutput()->addWikiMsg( $message ); + + if ( !$this->getUser()->isLoggedIn() ) { + $title = SpecialPage::getTitleFor( 'Userlogin' ); + $this->getOutput()->returnToMain( true, $title ); + } + } } /** @@ -137,16 +155,14 @@ class EmailConfirmation extends UnlistedSpecialPage { * @ingroup SpecialPage */ class EmailInvalidation extends UnlistedSpecialPage { - public function __construct() { - parent::__construct( 'Invalidateemail' ); + parent::__construct( 'Invalidateemail', 'editmyprivateinfo' ); } function execute( $code ) { $this->setHeaders(); - $this->checkReadOnly(); - + $this->checkPermissions(); $this->attemptInvalidate( $code ); } 
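Review bot: In the restructured attemptConfirm(), the message choice still keys on `$this->getUser()->isLoggedIn()` rather than on whether the viewer is the account being confirmed, so a logged-in user who opens a confirmation link for a different account (`$user` from `User::newFromConfirmationCode`) is shown `confirmemail_loggedin` about an address that is not theirs; the early return makes this easier to see but does not change it. Comparing the two accounts, e.g. `$message = $this->getUser()->getId() === $user->getId() ? 'confirmemail_loggedin' : 'confirmemail_success';`, would make the wording follow the account actually updated, assuming the two messages differ only in that respect. This is pre-existing behaviour carried over by the refactor, so it can also be a follow-up.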
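Review bot: EmailInvalidation::execute() drops `$this->checkReadOnly()` in favour of `$this->checkPermissions()`, yet attemptInvalidate() in the next hunk still calls `$user->saveSettings()`, a database write, so on a read-only wiki the request now reaches that write instead of getting the standard read-only notice. EmailConfirmation::execute() in the first hunk keeps both calls, and the two classes should match: `$this->checkReadOnly(); $this->checkPermissions();`.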
@@ -158,15 +174,18 @@ class EmailInvalidation extends UnlistedSpecialPage { */ function attemptInvalidate( $code ) { $user = User::newFromConfirmationCode( $code ); - if( is_object( $user ) ) { - $user->invalidateEmail(); - $user->saveSettings(); - $this->getOutput()->addWikiMsg( 'confirmemail_invalidated' ); - if( !$this->getUser()->isLoggedIn() ) { - $this->getOutput()->returnToMain(); - } - } else { + if ( !is_object( $user ) ) { $this->getOutput()->addWikiMsg( 'confirmemail_invalid' ); + + return; + } + + $user->invalidateEmail(); + $user->saveSettings(); + $this->getOutput()->addWikiMsg( 'confirmemail_invalidated' ); + + if ( !$this->getUser()->isLoggedIn() ) { + $this->getOutput()->returnToMain(); } } } |
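Review bot: `!is_object( $user )` accepts any object, not just a User, and hides what `User::newFromConfirmationCode()` returns for an unknown code; if that is null, `if ( $user === null )` states the contract directly and lets static analysis see the User type on the lines that follow. The same pattern is kept in attemptConfirm() in the previous hunk. The early-return shape itself is an improvement over the nested version.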