<?php
-
+/**
+ *
+ * @package MediaWiki
+ * @subpackage SpecialPage
+ */
+
+/**
+ *
+ */
require_once('UserMailer.php');
-function wfSpecialEmailuser()
-{
- global $wgUser, $wgOut, $action, $target;
+function wfSpecialEmailuser( $par ) {
+ global $wgUser, $wgOut, $wgRequest, $wgEnableEmail, $wgEnableUserEmail;
- if ( 0 == $wgUser->getID() ||
- ( false === strpos( $wgUser->getEmail(), "@" ) ) ) {
+ if( !( $wgEnableEmail && $wgEnableUserEmail ) ) {
+ $wgOut->errorpage( "nosuchspecialpage", "nospecialpagetext" );
+ return;
+ }
+
+ if ( $wgUser->isAnon() ||
+ ( !$wgUser->isValidEmailAddr( $wgUser->getEmail() ) ) ) {
$wgOut->errorpage( "mailnologin", "mailnologintext" );
return;
}
- $target = wfCleanQueryVar( $target );
+
+ $action = $wgRequest->getVal( 'action' );
+ if( empty( $par ) ) {
+ $target = $wgRequest->getVal( 'target' );
+ } else {
+ $target = $par;
+ }
if ( "" == $target ) {
$wgOut->errorpage( "notargettitle", "notargettext" );
return;
}
$nt = Title::newFromURL( $target );
+ if ( is_null( $nt ) ) {
+ $wgOut->errorpage( "notargettitle", "notargettext" );
+ return;
+ }
$nu = User::newFromName( $nt->getText() );
- $id = $nu->idForName();
- if ( 0 == $id ) {
+ if ( 0 == $nu->getID() ) {
$wgOut->errorpage( "noemailtitle", "noemailtext" );
return;
}
- $nu->setID( $id );
+
$address = $nu->getEmail();
- if ( ( false === strpos( $address, "@" ) ) ||
- ( 1 == $nu->getOption( "disablemail" ) ) ) {
+ if ( ( !$nu->isValidEmailAddr( $address ) ) ||
+ ( 1 == $nu->getOption( "disablemail" ) ) ||
+ ( 0 == $nu->getEmailauthenticationtimestamp() ) ) {
$wgOut->errorpage( "noemailtitle", "noemailtext" );
return;
}
- $fields = array( "wpSubject", "wpText" );
- wfCleanFormFields( $fields );
- $f = new EmailUserForm( $nu->getName() . " <{$address}>" );
+ $f = new EmailUserForm( $nu->getName() . " <{$address}>", $target );
- if ( "success" == $action ) { $f->showSuccess(); }
- else if ( "submit" == $action ) { $f->doSubmit(); }
- else { $f->showForm( "" ); }
+ if ( "success" == $action ) {
+ $f->showSuccess();
+ } else if ( "submit" == $action && $wgRequest->wasPosted() &&
+ $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
+ $f->doSubmit();
+ } else {
+ $f->showForm();
+ }
}
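Review bot: The sender check `$wgUser->isValidEmailAddr( $wgUser->getEmail() )` only tests address syntax, while the recipient a few lines later must also have a non-zero `getEmailauthenticationtimestamp()`. As written, a logged-in account with any well-formed but unconfirmed address passes, and `doSubmit()` places that address in the From line, so mail can go out in the name of an address the sender does not control. Consider adding the same condition to the sender test: `|| ( 0 == $wgUser->getEmailauthenticationtimestamp() )`. Separately, a failed `matchEditToken` now falls through to `showForm()` with no message because the `$err` argument was removed, so an expired session looks like the form silently resetting; a short notice on that path would help.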
+/**
+ * @todo document
+ * @package MediaWiki
+ * @subpackage SpecialPage
+ */
class EmailUserForm {
var $mAddress;
+ var $target;
+ var $text, $subject;
- function EmailUserForm( $addr )
- {
+ function EmailUserForm( $addr, $target ) {
+ global $wgRequest;
$this->mAddress = $addr;
+ $this->target = $target;
+ $this->text = $wgRequest->getText( 'wpText' );
+ $this->subject = $wgRequest->getText( 'wpSubject' );
}
- function showForm( $err )
- {
+ function showForm() {
global $wgOut, $wgUser, $wgLang;
- global $wpSubject, $wpText, $target;
$wgOut->setPagetitle( wfMsg( "emailpage" ) );
$wgOut->addWikiText( wfMsg( "emailpagetext" ) );
- if ( ! $wpSubject ) { $wpSubject = wfMsg( "defemailsubject" ); }
+ if ( $this->subject === "" ) {
+ $this->subject = wfMsg( "defemailsubject" );
+ }
$emf = wfMsg( "emailfrom" );
$sender = $wgUser->getName();
$emt = wfMsg( "emailto" );
- $rcpt = str_replace( "_", " ", urldecode( $target ) );
+ $rcpt = str_replace( "_", " ", $this->target );
$emr = wfMsg( "emailsubject" );
$emm = wfMsg( "emailmessage" );
$ems = wfMsg( "emailsend" );
-
+ $encSubject = htmlspecialchars( $this->subject );
+
$titleObj = Title::makeTitle( NS_SPECIAL, "Emailuser" );
- $action = $titleObj->getURL( "target={$target}&action=submit", true );
+ $action = $titleObj->escapeLocalURL( "target=" .
+ urlencode( $this->target ) . "&action=submit" );
+ $token = $wgUser->editToken();
- if ( "" != $err ) {
- $wgOut->setSubtitle( wfMsg( "formerror" ) );
- $wgOut->addHTML( "<p><font color='red' size='+1'>{$err}</font>\n" );
- }
- $wgOut->addHTML( "<p>
+ $wgOut->addHTML( "
<form id=\"emailuser\" method=\"post\" action=\"{$action}\">
-<table border=0><tr>
-<td align=right>{$emf}:</td>
-<td align=left><strong>{$sender}</strong></td>
+<table border='0'><tr>
+<td align='right'>{$emf}:</td>
+<td align='left'><strong>" . htmlspecialchars( $sender ) . "</strong></td>
</tr><tr>
-<td align=right>{$emt}:</td>
-<td align=left><strong>{$rcpt}</strong></td>
+<td align='right'>{$emt}:</td>
+<td align='left'><strong>" . htmlspecialchars( $rcpt ) . "</strong></td>
</tr><tr>
-<td align=right>{$emr}:</td>
-<td align=left>
-<input type=text name=\"wpSubject\" value=\"{$wpSubject}\">
+<td align='right'>{$emr}:</td>
+<td align='left'>
+<input type='text' name=\"wpSubject\" value=\"{$encSubject}\" />
</td>
</tr><tr>
-<td align=right>{$emm}:</td>
-<td align=left>
-<textarea name=\"wpText\" rows=10 cols=60 wrap=virtual>
-{$wpText}
-</textarea>
+<td align='right'>{$emm}:</td>
+<td align='left'>
+<textarea name=\"wpText\" rows='10' cols='60' wrap='virtual'>" . htmlspecialchars( $this->text ) .
+"</textarea>
</td></tr><tr>
-<td> </td><td align=left>
-<input type=submit name=\"wpSend\" value=\"{$ems}\">
+<td> </td><td align='left'>
+<input type='submit' name=\"wpSend\" value=\"{$ems}\" />
</td></tr></table>
+<input type='hidden' name='wpEditToken' value=\"$token\" />
</form>\n" );
}
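Review bot: The interface messages `$emf`, `$emt`, `$emr`, `$emm` and `$ems`, and the `$token` value, are still interpolated into the markup raw, although this change escapes `$sender`, `$rcpt`, the subject and the text. `$ems` and `$token` sit inside attribute values, so a quote or angle bracket in either would break out of the attribute. Whether those strings can ever contain such characters is not visible here, so escaping at output is the safer default. Suggest `$ems = htmlspecialchars( wfMsg( "emailsend" ) );` (likewise for the other labels) and `value=\"" . htmlspecialchars( $token ) . "\"`. Also, `htmlspecialchars( $this->subject )` uses default flags, which on PHP versions that leave single quotes unescaped is sufficient only because `value` is double-quoted; a one-line comment saying so would stop someone switching it to single quotes like the neighbouring attributes.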
- function doSubmit()
- {
+ function doSubmit() {
global $wgOut, $wgUser, $wgLang, $wgOutputEncoding;
- global $wpSubject, $wpText, $target;
$from = wfQuotedPrintable( $wgUser->getName() ) . " <" . $wgUser->getEmail() . ">";
+ $subject = wfQuotedPrintable( $this->subject );
- $mailResult = userMailer( $this->mAddress, $from, wfQuotedPrintable( $wpSubject ), $wpText );
-
- if (! $mailResult)
- {
- $titleObj = Title::makeTitle( NS_SPECIAL, "Emailuser" );
- $wgOut->redirect( $titleObj->getURL( "target={$target}&action=success" ) );
+ if (wfRunHooks('EmailUser', array(&$this->mAddress, &$from, &$subject, &$this->text))) {
+
+ $mailResult = userMailer( $this->mAddress, $from, $subject, $this->text );
+
+ if (!$mailResult) {
+ $titleObj = Title::makeTitle( NS_SPECIAL, "Emailuser" );
+ $encTarget = wfUrlencode( $this->target );
+ $wgOut->redirect( $titleObj->getFullURL( "target={$encTarget}&action=success" ) );
+ wfRunHooks('EmailUserComplete', array($this->mAddress, $from, $subject, $this->text));
+ } else {
+ $wgOut->addHTML( wfMsg( "usermailererror" ) . $mailResult);
+ }
}
- else
- $wgOut->addHTML( wfMsg( "usermailererror" ) . $mailResult);
}
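Review bot: `$wgOut->addHTML( wfMsg( "usermailererror" ) . $mailResult)` writes the mailer's error string into the page as raw HTML. That string comes from `userMailer()`, whose body is not visible in this diff; if it can echo transport errors or header fragments (which carry the user-supplied subject and the recipient address), it should be escaped: `$wgOut->addHTML( wfMsg( "usermailererror" ) . htmlspecialchars( $mailResult ) );`. Also, when an `EmailUser` hook returns false the method ends with no output and no redirect, so the user sees an empty page. Because the hook receives `$this->mAddress` by reference it can change the recipient, which deserves a comment at the `wfRunHooks` call.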
- function showSuccess()
- {
+ function showSuccess() {
global $wgOut, $wgUser;
$wgOut->setPagetitle( wfMsg( "emailsent" ) );