From 32359cca9a54527a47a99a31604e91457c006d4f Mon Sep 17 00:00:00 2001 From: Glaisher Date: Tue, 16 Jun 2015 14:51:16 +0500 Subject: [PATCH] Don't send email notifs to blocked users if $wgBlockDisablesLogin is true Previously, private data could be leaked on private wikis where this configuration is common. To prevent this, do not send email notifications on page changes for blocked watchers and blocked talk page owners if $wgBlockDisablesLogin is true. Bug: T54453 Change-Id: I17408e1038ae10ee01eab747591ef2d9c86b106e --- includes/mail/EmailNotification.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/includes/mail/EmailNotification.php b/includes/mail/EmailNotification.php index c359659fdd..a024ffecca 100644 --- a/includes/mail/EmailNotification.php +++ b/includes/mail/EmailNotification.php @@ -201,7 +201,7 @@ class EmailNotification { public function actuallyNotifyOnPageChange( $editor, $title, $timestamp, $summary, $minorEdit, $oldid, $watchers, $pageStatus = 'changed' ) { # we use $wgPasswordSender as sender's address - global $wgEnotifWatchlist; + global $wgEnotifWatchlist, $wgBlockDisablesLogin; global $wgEnotifMinorEdits, $wgEnotifUserTalk; # The following code is only run, if several conditions are met: @@ -240,12 +240,14 @@ class EmailNotification { if ( $wgEnotifWatchlist ) { // Send updates to watchers other than the current editor + // and don't send to watchers who are blocked and cannot login $userArray = UserArray::newFromIDs( $watchers ); foreach ( $userArray as $watchingUser ) { if ( $watchingUser->getOption( 'enotifwatchlistpages' ) && ( !$minorEdit || $watchingUser->getOption( 'enotifminoredits' ) ) && $watchingUser->isEmailConfirmed() && $watchingUser->getID() != $userTalkId + && !( $wgBlockDisablesLogin && $watchingUser->isBlocked() ) ) { if ( Hooks::run( 'SendWatchlistEmailNotification', array( $watchingUser, $title, $this ) ) ) { $this->compose( $watchingUser ); @@ -275,7 +277,7 @@ class EmailNotification { * @return bool */ private function canSendUserTalkEmail( $editor, $title, $minorEdit ) { - global $wgEnotifUserTalk; + global $wgEnotifUserTalk, $wgBlockDisablesLogin; $isUserTalkPage = ( $title->getNamespace() == NS_USER_TALK ); if ( $wgEnotifUserTalk && $isUserTalkPage ) { @@ -285,6 +287,8 @@ class EmailNotification { wfDebug( __METHOD__ . ": user talk page edited, but user does not exist\n" ); } elseif ( $targetUser->getId() == $editor->getId() ) { wfDebug( __METHOD__ . ": user edited their own talk page, no notification sent\n" ); + } elseif ( $wgBlockDisablesLogin && $targetUser->isBlocked() ) { + wfDebug( __METHOD__ . ": talk page owner is blocked and cannot login, no notification sent\n" ); } elseif ( $targetUser->getOption( 'enotifusertalkpages' ) && ( !$minorEdit || $targetUser->getOption( 'enotifminoredits' ) ) ) { -- 2.20.1