X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FSpecialEmailuser.php;h=76add3048684c4ae89b37e04fa9763e5c97344f1;hb=772b5eb07e95144ae38fdceb3c1e2afbd588a4b7;hp=80ae1ef8dcb43780fd57dd26314dcc59e2c4c52b;hpb=c771fc9c96aacb44b86ade5ecca68334c5d8213f;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/SpecialEmailuser.php b/includes/SpecialEmailuser.php
index 80ae1ef8dc..76add30486 100644
--- a/includes/SpecialEmailuser.php
+++ b/includes/SpecialEmailuser.php
@@ -5,10 +5,8 @@
 */
 /**
- *
+ * @todo document
 */
-require_once('UserMailer.php');
-
 function wfSpecialEmailuser( $par ) {
 global $wgUser, $wgOut, $wgRequest, $wgEnableEmail, $wgEnableUserEmail;
@@ -45,12 +43,26 @@ function wfSpecialEmailuser( $par ) {
 return;
 }
+ if ( $wgUser->isBlockedFromEmailUser() ) {
+ // User has been blocked from sending e-mail. Show the std blocked form.
+ wfDebug( "User is blocked from sending e-mail.\n" );
+ $wgOut->blockedPage();
+ return;
+ }
+
 $f = new EmailUserForm( $nu );
 if ( "success" == $action ) {
 $f->showSuccess( $nu );
 } else if ( "submit" == $action && $wgRequest->wasPosted() &&
- $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
+ $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) )
+ {
+ # Check against the rate limiter
+ if( $wgUser->pingLimiter( 'emailuser' ) ) {
+ $wgOut->rateLimited();
+ return;
+ }
+
 $f->doSubmit();
 } else {
 $f->showForm();
@@ -58,7 +70,7 @@ function wfSpecialEmailuser( $par ) {
 }
 /**
- * @todo document
+ * Implements the Special:Emailuser web interface, and invokes userMailer for sending the email message.
 * @addtogroup SpecialPage
 */
 class EmailUserForm {
@@ -101,7 +113,7 @@ class EmailUserForm {
 $titleObj = SpecialPage::getTitleFor( "Emailuser" );
 $action = $titleObj->escapeLocalURL( "target=" . urlencode( $this->target->getName() ) . "&action=submit" );
- $token = $wgUser->editToken();
+ $token = htmlspecialchars( $wgUser->editToken() );
 $wgOut->addHTML( "
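Review bot: In the `@@ -45,12 +43,26 @@` hunk, the new `$wgUser->pingLimiter( 'emailuser' )` check only throttles anything if a limit is configured under that key, and this diff does not show an `'emailuser'` entry being added to `$wgRateLimits`. As far as I recall the limiter returns false for keys with no entry, so on an install without one the check would be a silent no-op; please confirm a default ships with this change. I would also make the comment say so, e.g. `# Check against the rate limiter (only effective when $wgRateLimits['emailuser'] is set)`. The limiter is pinged once per submission while doSubmit() may send a second CC mail, which matters when choosing the limit. wfSpecialEmailuser() starts and ends outside this hunk.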
@@ -119,7 +131,7 @@ class EmailUserForm {
- " . wfCheckLabel( $emc, 'wpCCMe', 'wpCCMe', $wgUser->getBoolOption( 'ccmeonemails' ) ) . "
@@ -129,18 +141,47 @@ class EmailUserForm {
 }
 function doSubmit() {
- global $wgOut, $wgUser;
+ global $wgOut, $wgUser, $wgUserEmailUseReplyTo;
 $to = new MailAddress( $this->target );
 $from = new MailAddress( $wgUser );
 $subject = $this->subject;
 if( wfRunHooks( 'EmailUser', array( &$to, &$from, &$subject, &$this->text ) ) ) {
+
+ if( $wgUserEmailUseReplyTo ) {
+ // Put the generic wiki autogenerated address in the From:
+ // header and reserve the user for Reply-To.
+ //
+ // This is a bit ugly, but will serve to differentiate
+ // wiki-borne mails from direct mails and protects against
+ // SPF and bounce problems with some mailers (see below).
+ global $wgPasswordSender;
+ $mailFrom = new MailAddress( $wgPasswordSender );
+ $replyTo = $from;
+ } else {
+ // Put the sending user's e-mail address in the From: header.
+ //
+ // This is clean-looking and convenient, but has issues.
+ // One is that it doesn't as clearly differentiate the wiki mail
+ // from "directly" sent mails.
+ //
+ // Another is that some mailers (like sSMTP) will use the From
+ // address as the envelope sender as well. For open sites this
+ // can cause mails to be flunked for SPF violations (since the
+ // wiki server isn't an authorized sender for various users'
+ // domains) as well as creating a privacy issue as bounces
+ // containing the recipient's e-mail address may get sent to
+ // the sending user.
+ $mailFrom = $from;
+ $replyTo = null;
+ }
- $mailResult = userMailer( $to, $from, $subject, $this->text );
+ $mailResult = UserMailer::send( $to, $mailFrom, $subject, $this->text, $replyTo );
 if( WikiError::isError( $mailResult ) ) {
- $wgOut->addHTML( wfMsg( "usermailererror" ) . $mailResult);
+ $wgOut->addHTML( wfMsg( "usermailererror" ) .
+ ' ' . htmlspecialchars( $mailResult->getMessage() ) );
 } else {
 // if the user requested a copy of this mail, do this now,
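Review bot: `global $wgPasswordSender;` is declared inside the `if( $wgUserEmailUseReplyTo )` branch of doSubmit() instead of with the other globals, which hides a configuration dependency in the middle of the body. I would move it to the top as `global $wgOut, $wgUser, $wgUserEmailUseReplyTo, $wgPasswordSender;` and drop the inner declaration. Separately, the else branch is the one with the documented SPF and bounce-privacy drawbacks, so the comment should say which mode is the default; the default of `$wgUserEmailUseReplyTo` is not visible in this diff. doSubmit() continues past the end of this hunk.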
@@ -148,14 +189,15 @@ class EmailUserForm {
 if ($this->cc_me && $to != $from) {
 $cc_subject = wfMsg('emailccsubject', $this->target->getName(), $subject);
 if( wfRunHooks( 'EmailUser', array( &$from, &$from, &$cc_subject, &$this->text ) ) ) {
- $ccResult = userMailer( $from, $from, $cc_subject, $this->text );
+ $ccResult = UserMailer::send( $from, $from, $cc_subject, $this->text );
 if( WikiError::isError( $ccResult ) ) {
 // At this stage, the user's CC mail has failed, but their
 // original mail has succeeded. It's unlikely, but still, what to do?
 // We can either show them an error, or we can say everything was fine,
 // or we can say we sort of failed AND sort of succeeded. Of these options,
 // simply saying there was an error is probably best.
- $wgOut->addHTML( wfMsg( "usermailererror" ) . $ccResult);
+ $wgOut->addHTML( wfMsg( "usermailererror" ) .
+ ' ' . htmlspecialchars( $ccResult->getMessage() ) );
 return;
 }
 }
@@ -178,4 +220,3 @@ class EmailUserForm {
 $wgOut->returnToMain( false, $user->getUserPage() );
 }
 }
-?>
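Review bot: The CC copy in the `@@ -148,14 +189,15 @@` hunk still calls `UserMailer::send( $from, $from, $cc_subject, $this->text )`, so it ignores the From/Reply-To selection this commit introduces for the main mail. With `$wgUserEmailUseReplyTo` enabled, the copy still goes out with the user's own address in From: and remains exposed to the SPF rejection the option is meant to avoid. If that is not intentional, pass the same values: `UserMailer::send( $from, $mailFrom, $cc_subject, $this->text, $replyTo );`. This assumes `$mailFrom` and `$replyTo` are still in scope here; they are set earlier in doSubmit(), outside this hunk.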