SECURITY: Fix reauth in Special:ChangeEmail

[lhc/web/wiklou.git] / includes / specials / SpecialChangeEmail.php

diff --git a/includes/specials/SpecialChangeEmail.php b/includes/specials/SpecialChangeEmail.php
index c514300..1bd42ac 100644 (file)
--- a/includes/specials/SpecialChangeEmail.php
+++ b/includes/specials/SpecialChangeEmail.php
@@ -22,6 +22,7 @@
  */
 
 use MediaWiki\Auth\AuthManager;
+use MediaWiki\Logger\LoggerFactory;
 
 /**
  * Let users change their email address.
@@ -54,14 +55,16 @@ class SpecialChangeEmail extends FormSpecialPage {
         * @param string $par
         */
        function execute( $par ) {
-               $this->checkLoginSecurityLevel();
-
                $out = $this->getOutput();
                $out->disallowUserJs();
 
                parent::execute( $par );
        }
 
+       protected function getLoginSecurityLevel() {
+               return $this->getName();
+       }
+
        protected function checkExecutePermissions( User $user ) {
                if ( !AuthManager::singleton()->allowsPropertyChange( 'emailaddress' ) ) {
                        throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );
@@ -167,6 +170,14 @@ class SpecialChangeEmail extends FormSpecialPage {
                        return $status;
                }
 
+               LoggerFactory::getInstance( 'authentication' )->info(
+                       'Changing email address for {user} from {oldemail} to {newemail}', [
+                               'user' => $user->getName(),
+                               'oldemail' => $oldaddr,
+                               'newemail' => $newaddr,
+                       ]
+               );
+
                Hooks::run( 'PrefsEmailAudit', [ $user, $oldaddr, $newaddr ] );
 
                $user->saveSettings();