This is to counter spam where people use Special:ChangeEmail to
spam people with the confirmation email and using the username
to promote their thing
Bug: T209794
Change-Id: I8b2bd0f60c66f44c91dc78e3512a73e4237df2f3
'newbie' => [ 5, 86400 ],
'user' => [ 20, 86400 ],
],
'newbie' => [ 5, 86400 ],
'user' => [ 20, 86400 ],
],
+ 'changeemail' => [
+ 'ip-all' => [ 10, 3600 ],
+ 'user' => [ 4, 86400 ]
+ ],
// Purging pages
'purge' => [
'ip' => [ 30, 60 ],
// Purging pages
'purge' => [
'ip' => [ 30, 60 ],
throw new PermissionsError( 'viewmyprivateinfo' );
}
throw new PermissionsError( 'viewmyprivateinfo' );
}
+ if ( $user->isBlockedFromEmailuser() ) {
+ throw new UserBlockedError( $user->getBlock() );
+ }
+
parent::checkExecutePermissions( $user );
}
parent::checkExecutePermissions( $user );
}
return Status::newFatal( 'changeemail-nochange' );
}
return Status::newFatal( 'changeemail-nochange' );
}
+ // To prevent spam, rate limit adding a new address, but do
+ // not rate limit removing an address.
+ if ( $newaddr !== '' && $user->pingLimiter( 'changeemail' ) ) {
+ return Status::newFatal( 'actionthrottledtext' );
+ }
+
$oldaddr = $user->getEmail();
$status = $user->setEmailWithConfirmation( $newaddr );
if ( !$status->isGood() ) {
$oldaddr = $user->getEmail();
$status = $user->setEmailWithConfirmation( $newaddr );
if ( !$status->isGood() ) {