From 4ac9fa081a7c045f6a9f1cfc529d82423f485b2e Mon Sep 17 00:00:00 2001
From: Pierre Schmitz <pierre@archlinux.de>
Date: Sun, 8 Dec 2013 09:55:49 +0100
Subject: Update to MediaWiki 1.22.0

---
 includes/specials/SpecialConfirmemail.php | 101 ++++++++++++++++++------------
 1 file changed, 60 insertions(+), 41 deletions(-)

(limited to 'includes/specials/SpecialConfirmemail.php')

diff --git a/includes/specials/SpecialConfirmemail.php b/includes/specials/SpecialConfirmemail.php
index 078c3865..3828b1c6 100644
--- a/includes/specials/SpecialConfirmemail.php
+++ b/includes/specials/SpecialConfirmemail.php
@@ -30,27 +30,30 @@
  * @author Rob Church <robchur@gmail.com>
  */
 class EmailConfirmation extends UnlistedSpecialPage {
-
-	/**
-	 * Constructor
-	 */
 	public function __construct() {
-		parent::__construct( 'Confirmemail' );
+		parent::__construct( 'Confirmemail', 'editmyprivateinfo' );
 	}
 
 	/**
 	 * Main execution point
 	 *
-	 * @param $code Confirmation code passed to the page
+	 * @param null|string $code Confirmation code passed to the page
 	 */
 	function execute( $code ) {
 		$this->setHeaders();
 
 		$this->checkReadOnly();
+		$this->checkPermissions();
 
-		if( $code === null || $code === '' ) {
-			if( $this->getUser()->isLoggedIn() ) {
-				if( Sanitizer::validateEmail( $this->getUser()->getEmail() ) ) {
+		// This could also let someone check the current email address, so
+		// require both permissions.
+		if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
+			throw new PermissionsError( 'viewmyprivateinfo' );
+		}
+
+		if ( $code === null || $code === '' ) {
+			if ( $this->getUser()->isLoggedIn() ) {
+				if ( Sanitizer::validateEmail( $this->getUser()->getEmail() ) ) {
 					$this->showRequestForm();
 				} else {
 					$this->getOutput()->addWikiMsg( 'confirmemail_noemail' );
@@ -62,7 +65,9 @@ class EmailConfirmation extends UnlistedSpecialPage {
 					array(),
 					array( 'returnto' => $this->getTitle()->getPrefixedText() )
 				);
-				$this->getOutput()->addHTML( $this->msg( 'confirmemail_needlogin' )->rawParams( $llink )->parse() );
+				$this->getOutput()->addHTML(
+					$this->msg( 'confirmemail_needlogin' )->rawParams( $llink )->parse()
+				);
 			}
 		} else {
 			$this->attemptConfirm( $code );
@@ -75,7 +80,10 @@ class EmailConfirmation extends UnlistedSpecialPage {
 	function showRequestForm() {
 		$user = $this->getUser();
 		$out = $this->getOutput();
-		if( $this->getRequest()->wasPosted() && $user->matchEditToken( $this->getRequest()->getText( 'token' ) ) ) {
+
+		if ( $this->getRequest()->wasPosted() &&
+			$user->matchEditToken( $this->getRequest()->getText( 'token' ) )
+		) {
 			$status = $user->sendConfirmationMail();
 			if ( $status->isGood() ) {
 				$out->addWikiMsg( 'confirmemail_sent' );
@@ -83,7 +91,7 @@ class EmailConfirmation extends UnlistedSpecialPage {
 				$out->addWikiText( $status->getWikiText( 'confirmemail_sendfailed' ) );
 			}
 		} else {
-			if( $user->isEmailConfirmed() ) {
+			if ( $user->isEmailConfirmed() ) {
 				// date and time are separate parameters to facilitate localisation.
 				// $time is kept for backward compat reasons.
 				// 'emailauthenticated' is also used in SpecialPreferences.php
@@ -94,14 +102,22 @@ class EmailConfirmation extends UnlistedSpecialPage {
 				$t = $lang->userTime( $emailAuthenticated, $user );
 				$out->addWikiMsg( 'emailauthenticated', $time, $d, $t );
 			}
-			if( $user->isEmailConfirmationPending() ) {
-				$out->wrapWikiMsg( "<div class=\"error mw-confirmemail-pending\">\n$1\n</div>", 'confirmemail_pending' );
+
+			if ( $user->isEmailConfirmationPending() ) {
+				$out->wrapWikiMsg(
+					"<div class=\"error mw-confirmemail-pending\">\n$1\n</div>",
+					'confirmemail_pending'
+				);
 			}
+
 			$out->addWikiMsg( 'confirmemail_text' );
-			$form = Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->getTitle()->getLocalUrl() ) );
-			$form .= Html::hidden( 'token', $user->getEditToken() );
-			$form .= Xml::submitButton( $this->msg( 'confirmemail_send' )->text() );
-			$form .= Xml::closeElement( 'form' );
+			$form = Html::openElement(
+				'form',
+				array( 'method' => 'post', 'action' => $this->getTitle()->getLocalURL() )
+			) . "\n";
+			$form .= Html::hidden( 'token', $user->getEditToken() ) . "\n";
+			$form .= Xml::submitButton( $this->msg( 'confirmemail_send' )->text() ) . "\n";
+			$form .= Html::closeElement( 'form' ) . "\n";
 			$out->addHTML( $form );
 		}
 	}
@@ -114,20 +130,22 @@ class EmailConfirmation extends UnlistedSpecialPage {
 	 */
 	function attemptConfirm( $code ) {
 		$user = User::newFromConfirmationCode( $code );
-		if( is_object( $user ) ) {
-			$user->confirmEmail();
-			$user->saveSettings();
-			$message = $this->getUser()->isLoggedIn() ? 'confirmemail_loggedin' : 'confirmemail_success';
-			$this->getOutput()->addWikiMsg( $message );
-			if( !$this->getUser()->isLoggedIn() ) {
-				$title = SpecialPage::getTitleFor( 'Userlogin' );
-				$this->getOutput()->returnToMain( true, $title );
-			}
-		} else {
+		if ( !is_object( $user ) ) {
 			$this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
+
+			return;
 		}
-	}
 
+		$user->confirmEmail();
+		$user->saveSettings();
+		$message = $this->getUser()->isLoggedIn() ? 'confirmemail_loggedin' : 'confirmemail_success';
+		$this->getOutput()->addWikiMsg( $message );
+
+		if ( !$this->getUser()->isLoggedIn() ) {
+			$title = SpecialPage::getTitleFor( 'Userlogin' );
+			$this->getOutput()->returnToMain( true, $title );
+		}
+	}
 }
 
 /**
@@ -137,16 +155,14 @@ class EmailConfirmation extends UnlistedSpecialPage {
  * @ingroup SpecialPage
  */
 class EmailInvalidation extends UnlistedSpecialPage {
-
 	public function __construct() {
-		parent::__construct( 'Invalidateemail' );
+		parent::__construct( 'Invalidateemail', 'editmyprivateinfo' );
 	}
 
 	function execute( $code ) {
 		$this->setHeaders();
-
 		$this->checkReadOnly();
-
+		$this->checkPermissions();
 		$this->attemptInvalidate( $code );
 	}
 
@@ -158,15 +174,18 @@ class EmailInvalidation extends UnlistedSpecialPage {
 	 */
 	function attemptInvalidate( $code ) {
 		$user = User::newFromConfirmationCode( $code );
-		if( is_object( $user ) ) {
-			$user->invalidateEmail();
-			$user->saveSettings();
-			$this->getOutput()->addWikiMsg( 'confirmemail_invalidated' );
-			if( !$this->getUser()->isLoggedIn() ) {
-				$this->getOutput()->returnToMain();
-			}
-		} else {
+		if ( !is_object( $user ) ) {
 			$this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
+
+			return;
+		}
+
+		$user->invalidateEmail();
+		$user->saveSettings();
+		$this->getOutput()->addWikiMsg( 'confirmemail_invalidated' );
+
+		if ( !$this->getUser()->isLoggedIn() ) {
+			$this->getOutput()->returnToMain();
 		}
 	}
 }
-- 
cgit v1.2.3-54-g00ecf