option to strip requested prefix index in the list
[lhc/web/wiklou.git] / includes / specials / SpecialChangeEmail.php
index 2086fd3..816938d 100644 (file)
@@ -41,7 +41,7 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
        protected $mNewEmail;
 
        public function __construct() {
-               parent::__construct( 'ChangeEmail' );
+               parent::__construct( 'ChangeEmail', 'editmyprivateinfo' );
        }
 
        /**
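Review bot: The `'editmyprivateinfo'` restriction passed to `parent::__construct()` is only declared here. The page's own handler still has to call `checkPermissions()` for it to be enforced, which this commit does in the later `@@ -75,15 +77,24 @@` hunk. Nothing in the constructor ties the two together, so a later refactor of the handler could drop the call without anyone noticing. A short comment above the call would help, for example `// Restriction is enforced by the explicit checkPermissions() call in the request handler.`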
@@ -49,6 +49,7 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
         */
        function isListed() {
                global $wgAuth;
+
                return $wgAuth->allowPropChange( 'emailaddress' );
        }
 
@@ -67,6 +68,7 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
 
                if ( !$wgAuth->allowPropChange( 'emailaddress' ) ) {
                        $this->error( 'cannotchangeemail' );
+
                        return;
                }
 
@@ -75,15 +77,24 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
 
                if ( !$request->wasPosted() && !$user->isLoggedIn() ) {
                        $this->error( 'changeemail-no-info' );
+
                        return;
                }
 
                if ( $request->wasPosted() && $request->getBool( 'wpCancel' ) ) {
                        $this->doReturnTo();
+
                        return;
                }
 
                $this->checkReadOnly();
+               $this->checkPermissions();
+
+               // This could also let someone check the current email address, so
+               // require both permissions.
+               if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
+                       throw new PermissionsError( 'viewmyprivateinfo' );
+               }
 
                $this->mPassword = $request->getVal( 'wpPassword' );
                $this->mNewEmail = $request->getVal( 'wpNewEmail' );
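Review bot: The login guard above the new checks is `!$request->wasPosted() && !$user->isLoggedIn()`, so a posted request from a logged-out session skips it and is stopped only by `checkPermissions()` and the `viewmyprivateinfo` test. If a wiki grants both rights to anonymous users (its group configuration is not visible here), that request goes on to read `wpPassword` and `wpNewEmail`. Unless the POST exemption is deliberate, reject logged-out users regardless of method with `if ( !$user->isLoggedIn() ) {` before the permission checks. As a style point, the new test calls `$this->getUser()` where the surrounding lines use the local `$user`; `if ( !$user->isAllowed( 'viewmyprivateinfo' ) ) {` would match. The enclosing method starts before this hunk and continues after it.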
@@ -203,6 +214,7 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
                        $out .= "</td>\n";
                        $out .= "</tr>";
                }
+
                return $out;
        }
 
@@ -217,18 +229,21 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
 
                if ( $newaddr != '' && !Sanitizer::validateEmail( $newaddr ) ) {
                        $this->error( 'invalidemailaddress' );
+
                        return false;
                }
 
                $throttleCount = LoginForm::incLoginThrottle( $user->getName() );
                if ( $throttleCount === true ) {
                        $this->error( 'login-throttled' );
+
                        return false;
                }
 
                global $wgRequirePasswordforEmailChange;
                if ( $wgRequirePasswordforEmailChange && !$user->checkTemporaryPassword( $pass ) && !$user->checkPassword( $pass ) ) {
                        $this->error( 'wrongpassword' );
+
                        return false;
                }
 
@@ -243,6 +258,7 @@ class SpecialChangeEmail extends UnlistedSpecialPage {
                                '<p class="error">' .
                                        $this->getOutput()->parseInline( $status->getWikiText( 'mailerror' ) ) .
                                        '</p>' );
+
                        return false;
                }