summaryrefslogtreecommitdiff
path: root/includes/specials/SpecialChangeEmail.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/specials/SpecialChangeEmail.php')
-rw-r--r--includes/specials/SpecialChangeEmail.php67
1 files changed, 42 insertions, 25 deletions
diff --git a/includes/specials/SpecialChangeEmail.php b/includes/specials/SpecialChangeEmail.php
index 59a02578..aab839fd 100644
--- a/includes/specials/SpecialChangeEmail.php
+++ b/includes/specials/SpecialChangeEmail.php
@@ -41,7 +41,7 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
protected $mNewEmail;
public function __construct() {
- parent::__construct( 'ChangeEmail' );
+ parent::__construct( 'ChangeEmail', 'editmyprivateinfo' );
}
/**
@@ -49,6 +49,7 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
*/
function isListed() {
global $wgAuth;
+
return $wgAuth->allowPropChange( 'emailaddress' );
}
@@ -67,6 +68,7 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
if ( !$wgAuth->allowPropChange( 'emailaddress' ) ) {
$this->error( 'cannotchangeemail' );
+
return;
}
@@ -75,22 +77,31 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
if ( !$request->wasPosted() && !$user->isLoggedIn() ) {
$this->error( 'changeemail-no-info' );
+
return;
}
if ( $request->wasPosted() && $request->getBool( 'wpCancel' ) ) {
$this->doReturnTo();
+
return;
}
$this->checkReadOnly();
+ $this->checkPermissions();
+
+ // This could also let someone check the current email address, so
+ // require both permissions.
+ if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
+ throw new PermissionsError( 'viewmyprivateinfo' );
+ }
$this->mPassword = $request->getVal( 'wpPassword' );
$this->mNewEmail = $request->getVal( 'wpNewEmail' );
if ( $request->wasPosted()
- && $user->matchEditToken( $request->getVal( 'token' ) ) )
- {
+ && $user->matchEditToken( $request->getVal( 'token' ) )
+ ) {
$info = $this->attemptChange( $user, $this->mPassword, $this->mNewEmail );
if ( $info === true ) {
$this->doReturnTo();
@@ -138,15 +149,15 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
$this->getOutput()->addHTML(
Xml::fieldset( $this->msg( 'changeemail-header' )->text() ) .
- Xml::openElement( 'form',
- array(
- 'method' => 'post',
- 'action' => $this->getTitle()->getLocalUrl(),
- 'id' => 'mw-changeemail-form' ) ) . "\n" .
- Html::hidden( 'token', $user->getEditToken() ) . "\n" .
- Html::hidden( 'returnto', $this->getRequest()->getVal( 'returnto' ) ) . "\n" .
- $this->msg( 'changeemail-text' )->parseAsBlock() . "\n" .
- Xml::openElement( 'table', array( 'id' => 'mw-changeemail-table' ) ) . "\n"
+ Xml::openElement( 'form',
+ array(
+ 'method' => 'post',
+ 'action' => $this->getTitle()->getLocalURL(),
+ 'id' => 'mw-changeemail-form' ) ) . "\n" .
+ Html::hidden( 'token', $user->getEditToken() ) . "\n" .
+ Html::hidden( 'returnto', $this->getRequest()->getVal( 'returnto' ) ) . "\n" .
+ $this->msg( 'changeemail-text' )->parseAsBlock() . "\n" .
+ Xml::openElement( 'table', array( 'id' => 'mw-changeemail-table' ) ) . "\n"
);
$items = array(
array( 'wpName', 'username', 'text', $user->getName() ),
@@ -159,17 +170,17 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
$this->getOutput()->addHTML(
$this->pretty( $items ) .
- "\n" .
- "<tr>\n" .
+ "\n" .
+ "<tr>\n" .
"<td></td>\n" .
'<td class="mw-input">' .
- Xml::submitButton( $this->msg( 'changeemail-submit' )->text() ) .
- Xml::submitButton( $this->msg( 'changeemail-cancel' )->text(), array( 'name' => 'wpCancel' ) ) .
+ Xml::submitButton( $this->msg( 'changeemail-submit' )->text() ) .
+ Xml::submitButton( $this->msg( 'changeemail-cancel' )->text(), array( 'name' => 'wpCancel' ) ) .
"</td>\n" .
- "</tr>\n" .
- Xml::closeElement( 'table' ) .
- Xml::closeElement( 'form' ) .
- Xml::closeElement( 'fieldset' ) . "\n"
+ "</tr>\n" .
+ Xml::closeElement( 'table' ) .
+ Xml::closeElement( 'form' ) .
+ Xml::closeElement( 'fieldset' ) . "\n"
);
}
@@ -181,7 +192,7 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
$out = '';
foreach ( $fields as $list ) {
list( $name, $label, $type, $value ) = $list;
- if( $type == 'text' ) {
+ if ( $type == 'text' ) {
$field = htmlspecialchars( $value );
} else {
$attribs = array( 'id' => $name );
@@ -203,6 +214,7 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
$out .= "</td>\n";
$out .= "</tr>";
}
+
return $out;
}
@@ -213,22 +225,26 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
* @return bool|string true or string on success, false on failure
*/
protected function attemptChange( User $user, $pass, $newaddr ) {
- global $wgAuth;
+ global $wgAuth, $wgPasswordAttemptThrottle;
if ( $newaddr != '' && !Sanitizer::validateEmail( $newaddr ) ) {
$this->error( 'invalidemailaddress' );
+
return false;
}
$throttleCount = LoginForm::incLoginThrottle( $user->getName() );
if ( $throttleCount === true ) {
- $this->error( 'login-throttled' );
+ $lang = $this->getLanguage();
+ $this->error( array( 'login-throttled', $lang->formatDuration( $wgPasswordAttemptThrottle['seconds'] ) ) );
+
return false;
}
global $wgRequirePasswordforEmailChange;
if ( $wgRequirePasswordforEmailChange && !$user->checkTemporaryPassword( $pass ) && !$user->checkPassword( $pass ) ) {
$this->error( 'wrongpassword' );
+
return false;
}
@@ -241,8 +257,9 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
if ( !$status->isGood() ) {
$this->getOutput()->addHTML(
'<p class="error">' .
- $this->getOutput()->parseInline( $status->getWikiText( 'mailerror' ) ) .
- '</p>' );
+ $this->getOutput()->parseInline( $status->getWikiText( 'mailerror' ) ) .
+ '</p>' );
+
return false;
}