fix typo, DieDebug -> DebugDie

[lhc/web/wiklou.git] / includes / SpecialEmailuser.php

diff --git a/includes/SpecialEmailuser.php b/includes/SpecialEmailuser.php
index 5da20d8..7bb4a61 100644 (file)
--- a/includes/SpecialEmailuser.php
+++ b/includes/SpecialEmailuser.php
@@ -18,8 +18,8 @@ function wfSpecialEmailuser( $par ) {
                return;
        }
        
-       if ( 0 == $wgUser->getID() ||
-               ( false === strpos( $wgUser->getEmail(), "@" ) ) ) {
+       if ( $wgUser->isAnon() ||
+               ( !$wgUser->isValidEmailAddr( $wgUser->getEmail() ) ) ) {
                $wgOut->errorpage( "mailnologin", "mailnologintext" );
                return;
        }
@@ -40,26 +40,31 @@ function wfSpecialEmailuser( $par ) {
                return;
        }
        $nu = User::newFromName( $nt->getText() );
-       $id = $nu->idForName();
 
-       if ( 0 == $id ) {
+       if ( 0 == $nu->getID() ) {
                $wgOut->errorpage( "noemailtitle", "noemailtext" );
                return;
        }
-       $nu->setID( $id );
+
        $address = $nu->getEmail();
 
-       if ( ( false === strpos( $address, "@" ) ) ||
-         ( 1 == $nu->getOption( "disablemail" ) ) ) {
+       if ( ( !$nu->isValidEmailAddr( $address ) ) ||
+            ( 1 == $nu->getOption( "disablemail" ) ) ||
+            ( 0 == $nu->getEmailauthenticationtimestamp() ) ) {
                $wgOut->errorpage( "noemailtitle", "noemailtext" );
                return;
        }
 
        $f = new EmailUserForm( $nu->getName() . " <{$address}>", $target );
 
-       if ( "success" == $action ) { $f->showSuccess(); }
-       else if ( "submit" == $action && $wgRequest->wasPosted() ) { $f->doSubmit(); }
-       else { $f->showForm( "" ); }
+       if ( "success" == $action ) {
+               $f->showSuccess();
+       } else if ( "submit" == $action && $wgRequest->wasPosted() &&
+               $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
+               $f->doSubmit();
+       } else {
+               $f->showForm();
+       }
 }
 
 /**
@@ -81,7 +86,7 @@ class EmailUserForm {
                $this->subject = $wgRequest->getText( 'wpSubject' );
        }
 
-       function showForm( $err ) {
+       function showForm() {
                global $wgOut, $wgUser, $wgLang;
 
                $wgOut->setPagetitle( wfMsg( "emailpage" ) );
@@ -101,20 +106,18 @@ class EmailUserForm {
                $encSubject = htmlspecialchars( $this->subject );
                
                $titleObj = Title::makeTitle( NS_SPECIAL, "Emailuser" );
-               $action = $titleObj->escapeLocalURL( "target={$this->target}&action=submit" );
+               $action = $titleObj->escapeLocalURL( "target=" .
+                       urlencode( $this->target ) . "&action=submit" );
+               $token = $wgUser->editToken();
 
-               if ( "" != $err ) {
-                       $wgOut->setSubtitle( wfMsg( "formerror" ) );
-                       $wgOut->addHTML( "<p><font color='red' size='+1'>{$err}</font></p>\n" );
-               }
                $wgOut->addHTML( "
 <form id=\"emailuser\" method=\"post\" action=\"{$action}\">
 <table border='0'><tr>
 <td align='right'>{$emf}:</td>
-<td align='left'><strong>{$sender}</strong></td>
+<td align='left'><strong>" . htmlspecialchars( $sender ) . "</strong></td>
 </tr><tr>
 <td align='right'>{$emt}:</td>
-<td align='left'><strong>{$rcpt}</strong></td>
+<td align='left'><strong>" . htmlspecialchars( $rcpt ) . "</strong></td>
 </tr><tr>
 <td align='right'>{$emr}:</td>
 <td align='left'>
@@ -129,6 +132,7 @@ class EmailUserForm {
 <td>&nbsp;</td><td align='left'>
 <input type='submit' name=\"wpSend\" value=\"{$ems}\" />
 </td></tr></table>
+<input type='hidden' name='wpEditToken' value=\"$token\" />
 </form>\n" );
 
        }