dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Prevent new users from being sent emails
[lhc/web/wiklou.git] / includes / specials / SpecialEmailuser.php
1 <?php
2 /**
3 * Implements Special:Emailuser
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup SpecialPage
22 */
23 use MediaWiki\MediaWikiServices;
24
25 /**
26 * A special page that allows users to send e-mails to other users
27 *
28 * @ingroup SpecialPage
29 */
30 class SpecialEmailUser extends UnlistedSpecialPage {
31 protected $mTarget;
32
33 /**
34 * @var User|string $mTargetObj
35 */
36 protected $mTargetObj;
37
38 public function __construct() {
39 parent::__construct( 'Emailuser' );
40 }
41
42 public function doesWrites() {
43 return true;
44 }
45
46 public function getDescription() {
47 $target = self::getTarget( $this->mTarget, $this->getUser() );
48 if ( !$target instanceof User ) {
49 return $this->msg( 'emailuser-title-notarget' )->text();
50 }
51
52 return $this->msg( 'emailuser-title-target', $target->getName() )->text();
53 }
54
55 protected function getFormFields() {
56 $linkRenderer = $this->getLinkRenderer();
57 return [
58 'From' => [
59 'type' => 'info',
60 'raw' => 1,
61 'default' => $linkRenderer->makeLink(
62 $this->getUser()->getUserPage(),
63 $this->getUser()->getName()
64 ),
65 'label-message' => 'emailfrom',
66 'id' => 'mw-emailuser-sender',
67 ],
68 'To' => [
69 'type' => 'info',
70 'raw' => 1,
71 'default' => $linkRenderer->makeLink(
72 $this->mTargetObj->getUserPage(),
73 $this->mTargetObj->getName()
74 ),
75 'label-message' => 'emailto',
76 'id' => 'mw-emailuser-recipient',
77 ],
78 'Target' => [
79 'type' => 'hidden',
80 'default' => $this->mTargetObj->getName(),
81 ],
82 'Subject' => [
83 'type' => 'text',
84 'default' => $this->msg( 'defemailsubject',
85 $this->getUser()->getName() )->inContentLanguage()->text(),
86 'label-message' => 'emailsubject',
87 'maxlength' => 200,
88 'size' => 60,
89 'required' => true,
90 ],
91 'Text' => [
92 'type' => 'textarea',
93 'rows' => 20,
94 'cols' => 80,
95 'label-message' => 'emailmessage',
96 'required' => true,
97 ],
98 'CCMe' => [
99 'type' => 'check',
100 'label-message' => 'emailccme',
101 'default' => $this->getUser()->getBoolOption( 'ccmeonemails' ),
102 ],
103 ];
104 }
105
106 public function execute( $par ) {
107 $out = $this->getOutput();
108 $out->addModuleStyles( 'mediawiki.special' );
109
110 $this->mTarget = is_null( $par )
111 ? $this->getRequest()->getVal( 'wpTarget', $this->getRequest()->getVal( 'target', '' ) )
112 : $par;
113
114 // This needs to be below assignment of $this->mTarget because
115 // getDescription() needs it to determine the correct page title.
116 $this->setHeaders();
117 $this->outputHeader();
118
119 // error out if sending user cannot do this
120 $error = self::getPermissionsError(
121 $this->getUser(),
122 $this->getRequest()->getVal( 'wpEditToken' ),
123 $this->getConfig()
124 );
125
126 switch ( $error ) {
127 case null:
128 # Wahey!
129 break;
130 case 'badaccess':
131 throw new PermissionsError( 'sendemail' );
132 case 'blockedemailuser':
133 throw new UserBlockedError( $this->getUser()->mBlock );
134 case 'actionthrottledtext':
135 throw new ThrottledError;
136 case 'mailnologin':
137 case 'usermaildisabled':
138 throw new ErrorPageError( $error, "{$error}text" );
139 default:
140 # It's a hook error
141 list( $title, $msg, $params ) = $error;
142 throw new ErrorPageError( $title, $msg, $params );
143 }
144 // Got a valid target user name? Else ask for one.
145 $ret = self::getTarget( $this->mTarget, $this->getUser() );
146 if ( !$ret instanceof User ) {
147 if ( $this->mTarget != '' ) {
148 // Messages used here: notargettext, noemailtext, nowikiemailtext
149 $ret = ( $ret == 'notarget' ) ? 'emailnotarget' : ( $ret . 'text' );
150 $out->wrapWikiMsg( "<p class='error'>$1</p>", $ret );
151 }
152 $out->addHTML( $this->userForm( $this->mTarget ) );
153
154 return;
155 }
156
157 $this->mTargetObj = $ret;
158
159 // Set the 'relevant user' in the skin, so it displays links like Contributions,
160 // User logs, UserRights, etc.
161 $this->getSkin()->setRelevantUser( $this->mTargetObj );
162
163 $context = new DerivativeContext( $this->getContext() );
164 $context->setTitle( $this->getPageTitle() ); // Remove subpage
165 $form = new HTMLForm( $this->getFormFields(), $context );
166 // By now we are supposed to be sure that $this->mTarget is a user name
167 $form->addPreText( $this->msg( 'emailpagetext', $this->mTarget )->parse() );
168 $form->setSubmitTextMsg( 'emailsend' );
169 $form->setSubmitCallback( [ __CLASS__, 'uiSubmit' ] );
170 $form->setWrapperLegendMsg( 'email-legend' );
171 $form->loadData();
172
173 if ( !Hooks::run( 'EmailUserForm', [ &$form ] ) ) {
174 return;
175 }
176
177 $result = $form->show();
178
179 if ( $result === true || ( $result instanceof Status && $result->isGood() ) ) {
180 $out->setPageTitle( $this->msg( 'emailsent' ) );
181 $out->addWikiMsg( 'emailsenttext', $this->mTarget );
182 $out->returnToMain( false, $this->mTargetObj->getUserPage() );
183 }
184 }
185
186 /**
187 * Validate target User
188 *
189 * @param string $target Target user name
190 * @param User|null $sender User sending the email
191 * @return User|string User object on success or a string on error
192 */
193 public static function getTarget( $target, User $sender = null ) {
194 if ( $sender === null ) {
195 wfDeprecated( __METHOD__ . ' without specifying the sending user', '1.30' );
196 }
197
198 if ( $target == '' ) {
199 wfDebug( "Target is empty.\n" );
200
201 return 'notarget';
202 }
203
204 $nu = User::newFromName( $target );
205 $error = self::validateTarget( $nu, $sender );
206
207 return $error ? $error : $nu;
208 }
209
210 /**
211 * Validate target User
212 *
213 * @param User $target Target user
214 * @param User|null $sender User sending the email
215 * @return string Error message or empty string if valid.
216 * @since 1.30
217 */
218 public static function validateTarget( $target, User $sender = null ) {
219 if ( $sender === null ) {
220 wfDeprecated( __METHOD__ . ' without specifying the sending user', '1.30' );
221 }
222
223 if ( !$target instanceof User || !$target->getId() ) {
224 wfDebug( "Target is invalid user.\n" );
225
226 return 'notarget';
227 }
228
229 if ( !$target->isEmailConfirmed() ) {
230 wfDebug( "User has no valid email.\n" );
231
232 return 'noemail';
233 }
234
235 if ( !$target->canReceiveEmail() ) {
236 wfDebug( "User does not allow user emails.\n" );
237
238 return 'nowikiemail';
239 }
240
241 if (
242 $target->getEditCount() === 0
243 && ( $sender === null || !$sender->isAllowed( 'sendemail-new-users' ) )
244 ) {
245 // Determine if target has any other logged actions.
246 $dbr = wfGetDB( DB_REPLICA );
247 $log_id = $dbr->selectField(
248 'logging',
249 'log_id',
250 [
251 'log_user' => $target->getId(),
252 "NOT (log_type = 'newusers' AND log_action = 'autocreate')",
253 ],
254 __METHOD__,
255 [ 'LIMIT' => 1 ]
256 );
257
258 if ( !$log_id ) {
259 wfDebug( "User has no logged actions on this wiki.\n" );
260
261 return 'nowikiemail';
262 }
263 }
264
265 if ( $sender !== null ) {
266 $blacklist = $target->getOption( 'email-blacklist', [] );
267 if ( $blacklist ) {
268 $lookup = CentralIdLookup::factory();
269 $senderId = $lookup->centralIdFromLocalUser( $sender );
270 if ( $senderId !== 0 && in_array( $senderId, $blacklist ) ) {
271 wfDebug( "User does not allow user emails from this user.\n" );
272
273 return 'nowikiemail';
274 }
275 }
276 }
277
278 return '';
279 }
280
281 /**
282 * Check whether a user is allowed to send email
283 *
284 * @param User $user
285 * @param string $editToken Edit token
286 * @param Config $config optional for backwards compatibility
287 * @return string|null Null on success or string on error
288 */
289 public static function getPermissionsError( $user, $editToken, Config $config = null ) {
290 if ( $config === null ) {
291 wfDebug( __METHOD__ . ' called without a Config instance passed to it' );
292 $config = MediaWikiServices::getInstance()->getMainConfig();
293 }
294 if ( !$config->get( 'EnableEmail' ) || !$config->get( 'EnableUserEmail' ) ) {
295 return 'usermaildisabled';
296 }
297
298 // Run this before $user->isAllowed, to show appropriate message to anons (T160309)
299 if ( !$user->isEmailConfirmed() ) {
300 return 'mailnologin';
301 }
302
303 if ( !$user->isAllowed( 'sendemail' ) ) {
304 return 'badaccess';
305 }
306
307 if ( $user->isBlockedFromEmailuser() ) {
308 wfDebug( "User is blocked from sending e-mail.\n" );
309
310 return "blockedemailuser";
311 }
312
313 // Check the ping limiter without incrementing it - we'll check it
314 // again later and increment it on a successful send
315 if ( $user->pingLimiter( 'emailuser', 0 ) ) {
316 wfDebug( "Ping limiter triggered.\n" );
317
318 return 'actionthrottledtext';
319 }
320
321 $hookErr = false;
322
323 Hooks::run( 'UserCanSendEmail', [ &$user, &$hookErr ] );
324 Hooks::run( 'EmailUserPermissionsErrors', [ $user, $editToken, &$hookErr ] );
325
326 if ( $hookErr ) {
327 return $hookErr;
328 }
329
330 return null;
331 }
332
333 /**
334 * Form to ask for target user name.
335 *
336 * @param string $name User name submitted.
337 * @return string Form asking for user name.
338 */
339 protected function userForm( $name ) {
340 $this->getOutput()->addModules( 'mediawiki.userSuggest' );
341 $string = Html::openElement(
342 'form',
343 [ 'method' => 'get', 'action' => wfScript(), 'id' => 'askusername' ]
344 ) .
345 Html::hidden( 'title', $this->getPageTitle()->getPrefixedText() ) .
346 Html::openElement( 'fieldset' ) .
347 Html::rawElement( 'legend', null, $this->msg( 'emailtarget' )->parse() ) .
348 Html::label(
349 $this->msg( 'emailusername' )->text(),
350 'emailusertarget'
351 ) . '&#160;' .
352 Html::input(
353 'target',
354 $name,
355 'text',
356 [
357 'id' => 'emailusertarget',
358 'class' => 'mw-autocomplete-user', // used by mediawiki.userSuggest
359 'autofocus' => true,
360 'size' => 30,
361 ]
362 ) .
363 ' ' .
364 Html::submitButton( $this->msg( 'emailusernamesubmit' )->text(), [] ) .
365 Html::closeElement( 'fieldset' ) .
366 Html::closeElement( 'form' ) . "\n";
367
368 return $string;
369 }
370
371 /**
372 * Submit callback for an HTMLForm object, will simply call submit().
373 *
374 * @since 1.20
375 * @param array $data
376 * @param HTMLForm $form
377 * @return Status|bool
378 */
379 public static function uiSubmit( array $data, HTMLForm $form ) {
380 return self::submit( $data, $form->getContext() );
381 }
382
383 /**
384 * Really send a mail. Permissions should have been checked using
385 * getPermissionsError(). It is probably also a good
386 * idea to check the edit token and ping limiter in advance.
387 *
388 * @param array $data
389 * @param IContextSource $context
390 * @return Status|bool
391 */
392 public static function submit( array $data, IContextSource $context ) {
393 $config = $context->getConfig();
394
395 $target = self::getTarget( $data['Target'], $context->getUser() );
396 if ( !$target instanceof User ) {
397 // Messages used here: notargettext, noemailtext, nowikiemailtext
398 return Status::newFatal( $target . 'text' );
399 }
400
401 $to = MailAddress::newFromUser( $target );
402 $from = MailAddress::newFromUser( $context->getUser() );
403 $subject = $data['Subject'];
404 $text = $data['Text'];
405
406 // Add a standard footer and trim up trailing newlines
407 $text = rtrim( $text ) . "\n\n-- \n";
408 $text .= $context->msg( 'emailuserfooter',
409 $from->name, $to->name )->inContentLanguage()->text();
410
411 // Check and increment the rate limits
412 if ( $context->getUser()->pingLimiter( 'emailuser' ) ) {
413 throw new ThrottledError();
414 }
415
416 $error = false;
417 if ( !Hooks::run( 'EmailUser', [ &$to, &$from, &$subject, &$text, &$error ] ) ) {
418 if ( $error instanceof Status ) {
419 return $error;
420 } elseif ( $error === false || $error === '' || $error === [] ) {
421 // Possibly to tell HTMLForm to pretend there was no submission?
422 return false;
423 } elseif ( $error === true ) {
424 // Hook sent the mail itself and indicates success?
425 return Status::newGood();
426 } elseif ( is_array( $error ) ) {
427 $status = Status::newGood();
428 foreach ( $error as $e ) {
429 $status->fatal( $e );
430 }
431 return $status;
432 } elseif ( $error instanceof MessageSpecifier ) {
433 return Status::newFatal( $error );
434 } else {
435 // Ugh. Either a raw HTML string, or something that's supposed
436 // to be treated like one.
437 $type = is_object( $error ) ? get_class( $error ) : gettype( $error );
438 wfDeprecated( "EmailUser hook returning a $type as \$error", '1.29' );
439 return Status::newFatal( new ApiRawMessage(
440 [ '$1', Message::rawParam( (string)$error ) ], 'hookaborted'
441 ) );
442 }
443 }
444
445 if ( $config->get( 'UserEmailUseReplyTo' ) ) {
446 /**
447 * Put the generic wiki autogenerated address in the From:
448 * header and reserve the user for Reply-To.
449 *
450 * This is a bit ugly, but will serve to differentiate
451 * wiki-borne mails from direct mails and protects against
452 * SPF and bounce problems with some mailers (see below).
453 */
454 $mailFrom = new MailAddress( $config->get( 'PasswordSender' ),
455 wfMessage( 'emailsender' )->inContentLanguage()->text() );
456 $replyTo = $from;
457 } else {
458 /**
459 * Put the sending user's e-mail address in the From: header.
460 *
461 * This is clean-looking and convenient, but has issues.
462 * One is that it doesn't as clearly differentiate the wiki mail
463 * from "directly" sent mails.
464 *
465 * Another is that some mailers (like sSMTP) will use the From
466 * address as the envelope sender as well. For open sites this
467 * can cause mails to be flunked for SPF violations (since the
468 * wiki server isn't an authorized sender for various users'
469 * domains) as well as creating a privacy issue as bounces
470 * containing the recipient's e-mail address may get sent to
471 * the sending user.
472 */
473 $mailFrom = $from;
474 $replyTo = null;
475 }
476
477 $status = UserMailer::send( $to, $mailFrom, $subject, $text, [
478 'replyTo' => $replyTo,
479 ] );
480
481 if ( !$status->isGood() ) {
482 return $status;
483 } else {
484 // if the user requested a copy of this mail, do this now,
485 // unless they are emailing themselves, in which case one
486 // copy of the message is sufficient.
487 if ( $data['CCMe'] && $to != $from ) {
488 $ccTo = $from;
489 $ccFrom = $from;
490 $ccSubject = $context->msg( 'emailccsubject' )->rawParams(
491 $target->getName(), $subject )->text();
492 $ccText = $text;
493
494 Hooks::run( 'EmailUserCC', [ &$ccTo, &$ccFrom, &$ccSubject, &$ccText ] );
495
496 if ( $config->get( 'UserEmailUseReplyTo' ) ) {
497 $mailFrom = new MailAddress(
498 $config->get( 'PasswordSender' ),
499 wfMessage( 'emailsender' )->inContentLanguage()->text()
500 );
501 $replyTo = $ccFrom;
502 } else {
503 $mailFrom = $ccFrom;
504 $replyTo = null;
505 }
506
507 $ccStatus = UserMailer::send(
508 $ccTo, $mailFrom, $ccSubject, $ccText, [
509 'replyTo' => $replyTo,
510 ] );
511 $status->merge( $ccStatus );
512 }
513
514 Hooks::run( 'EmailUserComplete', [ $to, $from, $subject, $text ] );
515
516 return $status;
517 }
518 }
519
520 /**
521 * Return an array of subpages beginning with $search that this special page will accept.
522 *
523 * @param string $search Prefix to search for
524 * @param int $limit Maximum number of results to return (usually 10)
525 * @param int $offset Number of results to skip (usually 0)
526 * @return string[] Matching subpages
527 */
528 public function prefixSearchSubpages( $search, $limit, $offset ) {
529 $user = User::newFromName( $search );
530 if ( !$user ) {
531 // No prefix suggestion for invalid user
532 return [];
533 }
534 // Autocomplete subpage as user list - public to allow caching
535 return UserNamePrefixSearch::search( 'public', $search, $limit, $offset );
536 }
537
538 protected function getGroupName() {
539 return 'users';
540 }
541 }
Wiklou, le Wiki du Wiklou