Diffstat (limited to 'includes/specials/SpecialConfirmemail.php')
-rw-r--r--includes/specials/SpecialConfirmemail.php101
1 files changed, 60 insertions, 41 deletions
diff --git a/includes/specials/SpecialConfirmemail.php b/includes/specials/SpecialConfirmemail.php
index 078c3865..3828b1c6 100644
--- a/includes/specials/SpecialConfirmemail.php
+++ b/includes/specials/SpecialConfirmemail.php
@@ -30,27 +30,30 @@
* @author Rob Church <robchur@gmail.com>
*/
class EmailConfirmation extends UnlistedSpecialPage {
-
- /**
- * Constructor
- */
public function __construct() {
- parent::__construct( 'Confirmemail' );
+ parent::__construct( 'Confirmemail', 'editmyprivateinfo' );
}
/**
* Main execution point
*
- * @param $code Confirmation code passed to the page
+ * @param null|string $code Confirmation code passed to the page
*/
function execute( $code ) {
$this->setHeaders();
$this->checkReadOnly();
+ $this->checkPermissions();
- if( $code === null || $code === '' ) {
- if( $this->getUser()->isLoggedIn() ) {
- if( Sanitizer::validateEmail( $this->getUser()->getEmail() ) ) {
+ // This could also let someone check the current email address, so
+ // require both permissions.
+ if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
+ throw new PermissionsError( 'viewmyprivateinfo' );
+ }
+
+ if ( $code === null || $code === '' ) {
+ if ( $this->getUser()->isLoggedIn() ) {
+ if ( Sanitizer::validateEmail( $this->getUser()->getEmail() ) ) {
$this->showRequestForm();
} else {
$this->getOutput()->addWikiMsg( 'confirmemail_noemail' );
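Review bot: Both new permission checks in `execute()` sit above the `$code` branch, so they gate `attemptConfirm( $code )` as well as `showRequestForm()`, while the added comment only explains the request-form case (revealing the current address). They test the session user, whereas the confirm path acts on whichever account the code resolves to, so a visitor who follows a mailed link while logged out or logged in as another account is checked against a different identity and may be refused on wikis that restrict these rights. If only the form needs `viewmyprivateinfo`, move that check inside `if ( $code === null || $code === '' )`; if gating the code path is intended, say so in the comment, e.g. `// Also applies to confirmation links: the visitor, not the code's owner, must hold both rights.` The same question applies to `EmailInvalidation::execute()` further down, where `checkPermissions()` now precedes `attemptInvalidate( $code )`. The body of `execute()` continues past the end of this hunk.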
@@ -62,7 +65,9 @@ class EmailConfirmation extends UnlistedSpecialPage {
array(),
array( 'returnto' => $this->getTitle()->getPrefixedText() )
);
- $this->getOutput()->addHTML( $this->msg( 'confirmemail_needlogin' )->rawParams( $llink )->parse() );
+ $this->getOutput()->addHTML(
+ $this->msg( 'confirmemail_needlogin' )->rawParams( $llink )->parse()
+ );
}
} else {
$this->attemptConfirm( $code );
@@ -75,7 +80,10 @@ class EmailConfirmation extends UnlistedSpecialPage {
function showRequestForm() {
$user = $this->getUser();
$out = $this->getOutput();
- if( $this->getRequest()->wasPosted() && $user->matchEditToken( $this->getRequest()->getText( 'token' ) ) ) {
+
+ if ( $this->getRequest()->wasPosted() &&
+ $user->matchEditToken( $this->getRequest()->getText( 'token' ) )
+ ) {
$status = $user->sendConfirmationMail();
if ( $status->isGood() ) {
$out->addWikiMsg( 'confirmemail_sent' );
@@ -83,7 +91,7 @@ class EmailConfirmation extends UnlistedSpecialPage {
$out->addWikiText( $status->getWikiText( 'confirmemail_sendfailed' ) );
}
} else {
- if( $user->isEmailConfirmed() ) {
+ if ( $user->isEmailConfirmed() ) {
// date and time are separate parameters to facilitate localisation.
// $time is kept for backward compat reasons.
// 'emailauthenticated' is also used in SpecialPreferences.php
@@ -94,14 +102,22 @@ class EmailConfirmation extends UnlistedSpecialPage {
$t = $lang->userTime( $emailAuthenticated, $user );
$out->addWikiMsg( 'emailauthenticated', $time, $d, $t );
}
- if( $user->isEmailConfirmationPending() ) {
- $out->wrapWikiMsg( "<div class=\"error mw-confirmemail-pending\">\n$1\n</div>", 'confirmemail_pending' );
+
+ if ( $user->isEmailConfirmationPending() ) {
+ $out->wrapWikiMsg(
+ "<div class=\"error mw-confirmemail-pending\">\n$1\n</div>",
+ 'confirmemail_pending'
+ );
}
+
$out->addWikiMsg( 'confirmemail_text' );
- $form = Xml::openElement( 'form', array( 'method' => 'post', 'action' => $this->getTitle()->getLocalUrl() ) );
- $form .= Html::hidden( 'token', $user->getEditToken() );
- $form .= Xml::submitButton( $this->msg( 'confirmemail_send' )->text() );
- $form .= Xml::closeElement( 'form' );
+ $form = Html::openElement(
+ 'form',
+ array( 'method' => 'post', 'action' => $this->getTitle()->getLocalURL() )
+ ) . "\n";
+ $form .= Html::hidden( 'token', $user->getEditToken() ) . "\n";
+ $form .= Xml::submitButton( $this->msg( 'confirmemail_send' )->text() ) . "\n";
+ $form .= Html::closeElement( 'form' ) . "\n";
$out->addHTML( $form );
}
}
@@ -114,20 +130,22 @@ class EmailConfirmation extends UnlistedSpecialPage {
*/
function attemptConfirm( $code ) {
$user = User::newFromConfirmationCode( $code );
- if( is_object( $user ) ) {
- $user->confirmEmail();
- $user->saveSettings();
- $message = $this->getUser()->isLoggedIn() ? 'confirmemail_loggedin' : 'confirmemail_success';
- $this->getOutput()->addWikiMsg( $message );
- if( !$this->getUser()->isLoggedIn() ) {
- $title = SpecialPage::getTitleFor( 'Userlogin' );
- $this->getOutput()->returnToMain( true, $title );
- }
- } else {
+ if ( !is_object( $user ) ) {
$this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
+
+ return;
}
- }
+ $user->confirmEmail();
+ $user->saveSettings();
+ $message = $this->getUser()->isLoggedIn() ? 'confirmemail_loggedin' : 'confirmemail_success';
+ $this->getOutput()->addWikiMsg( $message );
+
+ if ( !$this->getUser()->isLoggedIn() ) {
+ $title = SpecialPage::getTitleFor( 'Userlogin' );
+ $this->getOutput()->returnToMain( true, $title );
+ }
+ }
}
/**
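Review bot: In `attemptConfirm()`, `$message` is chosen from the session user's login state, but the account that gets confirmed is the one returned by `User::newFromConfirmationCode( $code )`, and nothing in the visible lines ties the two together. A visitor logged in as a different account would apparently be shown `confirmemail_loggedin` after confirming another account's address. Consider selecting the message on identity rather than login state, e.g. `$own = $this->getUser()->getId() === $user->getId();` followed by `$message = $own ? 'confirmemail_loggedin' : 'confirmemail_success';`, or at least add a comment above the ternary stating that the code's owner and the session user may differ.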
@@ -137,16 +155,14 @@ class EmailConfirmation extends UnlistedSpecialPage {
* @ingroup SpecialPage
*/
class EmailInvalidation extends UnlistedSpecialPage {
-
public function __construct() {
- parent::__construct( 'Invalidateemail' );
+ parent::__construct( 'Invalidateemail', 'editmyprivateinfo' );
}
function execute( $code ) {
$this->setHeaders();
-
$this->checkReadOnly();
-
+ $this->checkPermissions();
$this->attemptInvalidate( $code );
}
@@ -158,15 +174,18 @@ class EmailInvalidation extends UnlistedSpecialPage {
*/
function attemptInvalidate( $code ) {
$user = User::newFromConfirmationCode( $code );
- if( is_object( $user ) ) {
- $user->invalidateEmail();
- $user->saveSettings();
- $this->getOutput()->addWikiMsg( 'confirmemail_invalidated' );
- if( !$this->getUser()->isLoggedIn() ) {
- $this->getOutput()->returnToMain();
- }
- } else {
+ if ( !is_object( $user ) ) {
$this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
+
+ return;
+ }
+
+ $user->invalidateEmail();
+ $user->saveSettings();
+ $this->getOutput()->addWikiMsg( 'confirmemail_invalidated' );
+
+ if ( !$this->getUser()->isLoggedIn() ) {
+ $this->getOutput()->returnToMain();
}
}
}