Revert r39793 "* (bug 13879) Special:EmailUser shows a form in case no user was speci...

* Recipient name seems to be output raw into HTML form; this is insecure
* We've lost the link to the target's user page in the primary use case (followed 'email this user' link)
* Behavior if you misspell a name doesn't look very nice; you can't just fix it and resubmit the form, you have to hit 'back' from an error page and hope your browser isn't one that deletes all your form data :D

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 1c598af..ddf5835 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -94,7 +94,6 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * HTML entities like   now work (are not escaped) in edit summaries.
 * (bug 13815) In the comment for page moves, use the colon-separator message
   instead of a hardcoded colon.
-* (bug 13879) Special:EmailUser shows a form in case no user was specified
 
 === Bug fixes in 1.14 ===
 

diff --git a/includes/api/ApiEmailUser.php b/includes/api/ApiEmailUser.php
index 7d23dde..7e08353 100644 (file)
--- a/includes/api/ApiEmailUser.php
+++ b/includes/api/ApiEmailUser.php
@@ -52,8 +52,6 @@ class ApiEmailUser extends ApiBase {
                
                // Validate target 
                $targetUser = EmailUserForm::validateEmailTarget( $params['target'] );
-               if ( $targetUser === false )
-                       $this->dieUsageMsg( array( 'notargettitle' ) );
                if ( !( $targetUser instanceof User ) )
                        $this->dieUsageMsg( array( $targetUser[0] ) );
                

diff --git a/includes/specials/SpecialEmailuser.php b/includes/specials/SpecialEmailuser.php
index 917ae92..d557c84 100644 (file)
--- a/includes/specials/SpecialEmailuser.php
+++ b/includes/specials/SpecialEmailuser.php
@@ -14,7 +14,7 @@ function wfSpecialEmailuser( $par ) {
        $target = isset($par) ? $par : $wgRequest->getVal( 'target' );
        $targetUser = EmailUserForm::validateEmailTarget( $target );
        
-       if ( !( $targetUser instanceof User ) && $targetUser !== false ) {
+       if ( !( $targetUser instanceof User ) ) {
                $wgOut->showErrorPage( $targetUser[0], $targetUser[1] );
                return;
        }
@@ -47,7 +47,7 @@ function wfSpecialEmailuser( $par ) {
        }       
                
        
-       if ( "submit" == $action && $wgRequest->wasPosted() && $targetUser !== false ) {
+       if ( "submit" == $action && $wgRequest->wasPosted() ) {
                $result = $form->doSubmit();
                
                if ( !is_null( $result ) ) {
@@ -98,9 +98,8 @@ class EmailUserForm {
                $senderLink = $skin->makeLinkObj(
                        $wgUser->getUserPage(), htmlspecialchars( $wgUser->getName() ) );
                $emt = wfMsg( "emailto" );
-               $recipient = $this->target instanceof User ? 
-                       htmlspecialchars( $this->target->getName() ) :
-                       '';
+               $recipientLink = $skin->makeLinkObj(
+                       $this->target->getUserPage(), htmlspecialchars( $this->target->getName() ) );
                $emr = wfMsg( "emailsubject" );
                $emm = wfMsg( "emailmessage" );
                $ems = wfMsg( "emailsend" );
@@ -108,7 +107,8 @@ class EmailUserForm {
                $encSubject = htmlspecialchars( $this->subject );
 
                $titleObj = SpecialPage::getTitleFor( "Emailuser" );
-               $action = $titleObj->escapeLocalURL( "action=submit" );
+               $action = $titleObj->escapeLocalURL( "target=" .
+                       urlencode( $this->target->getName() ) . "&action=submit" );
                $token = htmlspecialchars( $wgUser->editToken() );
 
                $wgOut->addHTML( "
@@ -118,7 +118,7 @@ class EmailUserForm {
 <td align='left'><strong>{$senderLink}</strong></td>
 </tr><tr>
 <td align='right'>{$emt}:</td>
-<td align='left'><input type='text' size='60' name='target' value='{$recipient}' /></td>
+<td align='left'><strong>{$recipientLink}</strong></td>
 </tr><tr>
 <td align='right'>{$emr}:</td>
 <td align='left'>
@@ -235,7 +235,8 @@ class EmailUserForm {
                        return array( "nosuchspecialpage", "nospecialpagetext" );
                
                if ( "" == $target ) {
-                       return false;
+                       wfDebug( "Target is empty.\n" );
+                       return array( "notargettitle", "notargettext" );
                }
        
                $nt = Title::newFromURL( $target );