return;
}
- if ( 0 == $wgUser->getID() ||
+ if ( $wgUser->isAnon() ||
( !$wgUser->isValidEmailAddr( $wgUser->getEmail() ) ) ) {
$wgOut->errorpage( "mailnologin", "mailnologintext" );
return;
$f = new EmailUserForm( $nu->getName() . " <{$address}>", $target );
- if ( "success" == $action ) { $f->showSuccess(); }
- else if ( "submit" == $action && $wgRequest->wasPosted() ) { $f->doSubmit(); }
- else { $f->showForm(); }
+ if ( "success" == $action ) {
+ $f->showSuccess();
+ } else if ( "submit" == $action && $wgRequest->wasPosted() &&
+ $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
+ $f->doSubmit();
+ } else {
+ $f->showForm();
+ }
}
/**
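Review bot: A POST whose `wpEditToken` does not match falls through to the final `else` and calls `$f->showForm()` with no indication that the mail was not sent, because the token test shares one condition with the `"submit"` and `wasPosted()` tests. An expired session therefore looks the same to the user as a fresh form, and whether the typed subject and text are re-populated cannot be seen from this hunk. Consider giving the token failure its own branch that adds a short session-failure notice through `$wgOut` before `$f->showForm();`. A comment on the check would also help, for example `// CSRF guard: only send when the POST carries this session's edit token`. The enclosing function starts above the hunk.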
$titleObj = Title::makeTitle( NS_SPECIAL, "Emailuser" );
$action = $titleObj->escapeLocalURL( "target=" .
urlencode( $this->target ) . "&action=submit" );
+ $token = $wgUser->editToken();
$wgOut->addHTML( "
<form id=\"emailuser\" method=\"post\" action=\"{$action}\">
<td> </td><td align='left'>
<input type='submit' name=\"wpSend\" value=\"{$ems}\" />
</td></tr></table>
+<input type='hidden' name='wpEditToken' value=\"$token\" />
</form>\n" );
}
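Review bot: The hidden field written as `value=\"$token\"` interpolates the token into an HTML attribute without escaping, unlike `$action`, which goes through `escapeLocalURL()`. What `editToken()` can return is not visible here, so the markup is only safe while that value happens to contain no quote or angle-bracket characters. Escaping where the token is assigned in the previous hunk, `$token = htmlspecialchars( $wgUser->editToken() );`, removes that dependency. The `addHTML()` string and the surrounding method start outside this hunk.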
$from = wfQuotedPrintable( $wgUser->getName() ) . " <" . $wgUser->getEmail() . ">";
$subject = wfQuotedPrintable( $this->subject );
- if (wfRunHooks('EmailUser', $this->mAddress, $from, $subject, $this->text)) {
+ if (wfRunHooks('EmailUser', array(&$this->mAddress, &$from, &$subject, &$this->text))) {
$mailResult = userMailer( $this->mAddress, $from, $subject, $this->text );
$titleObj = Title::makeTitle( NS_SPECIAL, "Emailuser" );
$encTarget = wfUrlencode( $this->target );
$wgOut->redirect( $titleObj->getFullURL( "target={$encTarget}&action=success" ) );
- wfRunHooks('EmailUserComplete', $this->mAddress, $from, $subject, $this->text);
+ wfRunHooks('EmailUserComplete', array($this->mAddress, $from, $subject, $this->text));
} else {
$wgOut->addHTML( wfMsg( "usermailererror" ) . $mailResult);
}