X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FSpecialEmailuser.php;h=577a8e93663a01fa9b5123b36a8456f25ded6b85;hb=0af46ac5e13577b469727da03a7794343ed70018;hp=92b938e3507db8e3f1e042188f4e3ca6b5956226;hpb=2a9021ff7cbec3d58c0ef31e03537f66de985f1c;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/SpecialEmailuser.php b/includes/SpecialEmailuser.php
index 92b938e350..577a8e9366 100644
--- a/includes/SpecialEmailuser.php
+++ b/includes/SpecialEmailuser.php
@@ -18,7 +18,7 @@ function wfSpecialEmailuser( $par ) {
 		return;
 	}
 	
-	if ( 0 == $wgUser->getID() ||
+	if ( $wgUser->isAnon() ||
 		( !$wgUser->isValidEmailAddr( $wgUser->getEmail() ) ) ) {
 		$wgOut->errorpage( "mailnologin", "mailnologintext" );
 		return;
@@ -57,9 +57,14 @@ function wfSpecialEmailuser( $par ) {
 
 	$f = new EmailUserForm( $nu->getName() . " <{$address}>", $target );
 
-	if ( "success" == $action ) { $f->showSuccess(); }
-	else if ( "submit" == $action && $wgRequest->wasPosted() ) { $f->doSubmit(); }
-	else { $f->showForm(); }
+	if ( "success" == $action ) {
+		$f->showSuccess();
+	} else if ( "submit" == $action && $wgRequest->wasPosted() &&
+		$wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
+		$f->doSubmit();
+	} else {
+		$f->showForm();
+	}
 }
 
 /**
@@ -103,6 +108,7 @@ class EmailUserForm {
 		$titleObj = Title::makeTitle( NS_SPECIAL, "Emailuser" );
 		$action = $titleObj->escapeLocalURL( "target=" .
 			urlencode( $this->target ) . "&action=submit" );
+		$token = $wgUser->editToken();
 
 		$wgOut->addHTML( "
 <form id=\"emailuser\" method=\"post\" action=\"{$action}\">
@@ -126,6 +132,7 @@ class EmailUserForm {
 <td>&nbsp;</td><td align='left'>
 <input type='submit' name=\"wpSend\" value=\"{$ems}\" />
 </td></tr></table>
+<input type='hidden' name='wpEditToken' value=\"$token\" />
 </form>\n" );
 
 	}
@@ -136,7 +143,7 @@ class EmailUserForm {
 		$from = wfQuotedPrintable( $wgUser->getName() ) . " <" . $wgUser->getEmail() . ">";
 		$subject = wfQuotedPrintable( $this->subject );
 		
-		if (wfRunHooks('EmailUser', $this->mAddress, $from, $subject, $this->text)) {
+		if (wfRunHooks('EmailUser', array(&$this->mAddress, &$from, &$subject, &$this->text))) {
 			
 			$mailResult = userMailer( $this->mAddress, $from, $subject, $this->text );
 			
@@ -144,7 +151,7 @@ class EmailUserForm {
 				$titleObj = Title::makeTitle( NS_SPECIAL, "Emailuser" );
 				$encTarget = wfUrlencode( $this->target );
 				$wgOut->redirect( $titleObj->getFullURL( "target={$encTarget}&action=success" ) );
-				wfRunHooks('EmailUserComplete', $this->mAddress, $from, $subject, $this->text);
+				wfRunHooks('EmailUserComplete', array($this->mAddress, $from, $subject, $this->text));
 			} else {
 			  $wgOut->addHTML( wfMsg( "usermailererror" ) . $mailResult);
 			}