From: Reedy <reedy@wikimedia.org>
Date: Fri, 22 Jun 2012 16:29:48 +0000 (+0100)
Subject: (bug 37830) new $wgRequirePasswordforEmailChange
X-Git-Tag: 1.31.0-rc.0~22892
X-Git-Url: http://git.heureux-cyclage.org/?a=commitdiff_plain;h=f7d8c9e383ae1c0b469c11c5c391d9be7905cd8c;p=lhc%2Fweb%2Fwiklou.git

(bug 37830) new $wgRequirePasswordforEmailChange

$wgRequirePasswordforEmailChange to control whether password
confirmation is required for changing an email address or not.

Change-Id: Iaef440ef56d391bf9e68d15899fc81c6050722fb
---

diff --git a/RELEASE-NOTES-1.20 b/RELEASE-NOTES-1.20
index 25668b1178..daed79ced3 100644
--- a/RELEASE-NOTES-1.20
+++ b/RELEASE-NOTES-1.20
@@ -108,6 +108,8 @@ upgrade PHP if you have not done so prior to upgrading MediaWiki.
 * (bug 38151) Implemented mw.user.getRights for getting and caching the current
   user's user rights.
 * Implemented mw.user.getGroups for getting and caching user groups.
+* (bug 37830) Added $wgRequirePasswordforEmailChange to control whether password
+  confirmation is required for changing an email address or not.
 
 === Bug fixes in 1.20 ===
 * (bug 30245) Use the correct way to construct a log page title.
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 54f41757fa..69b632c10b 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -6145,6 +6145,11 @@ $wgSeleniumConfigFile = null;
 $wgDBtestuser = ''; //db user that has permission to create and drop the test databases only
 $wgDBtestpassword = '';
 
+/**
+ * Whether the user must enter their password to change their e-mail address
+ */
+$wgRequirePasswordforEmailChange = true;
+
 /**
  * For really cool vim folding this needs to be at the end:
  * vim: foldmarker=@{,@} foldmethod=marker
diff --git a/includes/specials/SpecialChangeEmail.php b/includes/specials/SpecialChangeEmail.php
index 167d4e2c80..fc72610602 100644
--- a/includes/specials/SpecialChangeEmail.php
+++ b/includes/specials/SpecialChangeEmail.php
@@ -27,10 +27,26 @@
  * @ingroup SpecialPage
  */
 class SpecialChangeEmail extends UnlistedSpecialPage {
+
+	/**
+	 * Users password
+	 * @var string
+	 */
+	protected $mPassword;
+
+	/**
+	 * Users new email address
+	 * @var string
+	 */
+	protected $mNewEmail;
+
 	public function __construct() {
 		parent::__construct( 'ChangeEmail' );
 	}
 
+	/**
+	 * @return Bool
+	 */
 	function isListed() {
 		global $wgAuth;
 		return $wgAuth->allowPropChange( 'emailaddress' );
@@ -90,6 +106,9 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
 		$this->showForm();
 	}
 
+	/**
+	 * @param $type string
+	 */
 	protected function doReturnTo( $type = 'hard' ) {
 		$titleObj = Title::newFromText( $this->getRequest()->getVal( 'returnto' ) );
 		if ( !$titleObj instanceof Title ) {
@@ -102,11 +121,15 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
 		}
 	}
 
+	/**
+	 * @param $msg string
+	 */
 	protected function error( $msg ) {
 		$this->getOutput()->wrapWikiMsg( "<p class='error'>\n$1\n</p>", $msg );
 	}
 
 	protected function showForm() {
+		global $wgRequirePasswordforEmailChange;
 		$user = $this->getUser();
 
 		$oldEmailText = $user->getEmail()
@@ -123,13 +146,20 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
 			Html::hidden( 'token', $user->getEditToken() ) . "\n" .
 			Html::hidden( 'returnto', $this->getRequest()->getVal( 'returnto' ) ) . "\n" .
 			$this->msg( 'changeemail-text' )->parseAsBlock() . "\n" .
-			Xml::openElement( 'table', array( 'id' => 'mw-changeemail-table' ) ) . "\n" .
-			$this->pretty( array(
-				array( 'wpName', 'username', 'text', $user->getName() ),
-				array( 'wpOldEmail', 'changeemail-oldemail', 'text', $oldEmailText ),
-				array( 'wpNewEmail', 'changeemail-newemail', 'input', $this->mNewEmail ),
-				array( 'wpPassword', 'yourpassword', 'password', $this->mPassword ),
-			) ) . "\n" .
+			Xml::openElement( 'table', array( 'id' => 'mw-changeemail-table' ) ) . "\n"
+		);
+		$items = array(
+			array( 'wpName', 'username', 'text', $user->getName() ),
+			array( 'wpOldEmail', 'changeemail-oldemail', 'text', $oldEmailText ),
+			array( 'wpNewEmail', 'changeemail-newemail', 'input', $this->mNewEmail ),
+		);
+		if ( $wgRequirePasswordforEmailChange ) {
+			$items[] = array( 'wpPassword', 'yourpassword', 'password', $this->mPassword );
+		}
+
+		$this->getOutput()->addHTML(
+			$this->pretty( $items ) .
+			"\n" .
 			"<tr>\n" .
 				"<td></td>\n" .
 				'<td class="mw-input">' .
@@ -143,6 +173,10 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
 		);
 	}
 
+	/**
+	 * @param $fields array
+	 * @return string
+	 */
 	protected function pretty( $fields ) {
 		$out = '';
 		foreach ( $fields as $list ) {
@@ -173,6 +207,9 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
 	}
 
 	/**
+	 * @param $user User
+	 * @param $pass string
+	 * @param $newaddr string
 	 * @return bool|string true or string on success, false on failure
 	 */
 	protected function attemptChange( User $user, $pass, $newaddr ) {
@@ -187,7 +224,8 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
 			return false;
 		}
 
-		if ( !$user->checkTemporaryPassword( $pass ) && !$user->checkPassword( $pass ) ) {
+		global $wgRequirePasswordforEmailChange;
+		if ( $wgRequirePasswordforEmailChange && !$user->checkTemporaryPassword( $pass ) && !$user->checkPassword( $pass ) ) {
 			$this->error( 'wrongpassword' );
 			return false;
 		}