protected $mNewEmail;
public function __construct() {
- parent::__construct( 'ChangeEmail' );
+ parent::__construct( 'ChangeEmail', 'editmyprivateinfo' );
}
/**
*/
function isListed() {
global $wgAuth;
+
return $wgAuth->allowPropChange( 'emailaddress' );
}
if ( !$wgAuth->allowPropChange( 'emailaddress' ) ) {
$this->error( 'cannotchangeemail' );
+
return;
}
if ( !$request->wasPosted() && !$user->isLoggedIn() ) {
$this->error( 'changeemail-no-info' );
+
return;
}
if ( $request->wasPosted() && $request->getBool( 'wpCancel' ) ) {
$this->doReturnTo();
+
return;
}
$this->checkReadOnly();
+ $this->checkPermissions();
+
+ // This could also let someone check the current email address, so
+ // require both permissions.
+ if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
+ throw new PermissionsError( 'viewmyprivateinfo' );
+ }
$this->mPassword = $request->getVal( 'wpPassword' );
$this->mNewEmail = $request->getVal( 'wpNewEmail' );
$out .= "</td>\n";
$out .= "</tr>";
}
+
return $out;
}
if ( $newaddr != '' && !Sanitizer::validateEmail( $newaddr ) ) {
$this->error( 'invalidemailaddress' );
+
return false;
}
$throttleCount = LoginForm::incLoginThrottle( $user->getName() );
if ( $throttleCount === true ) {
$this->error( 'login-throttled' );
+
return false;
}
global $wgRequirePasswordforEmailChange;
if ( $wgRequirePasswordforEmailChange && !$user->checkTemporaryPassword( $pass ) && !$user->checkPassword( $pass ) ) {
$this->error( 'wrongpassword' );
+
return false;
}
'<p class="error">' .
$this->getOutput()->parseInline( $status->getWikiText( 'mailerror' ) ) .
'</p>' );
+
return false;
}