From: Brion Vibber Date: Thu, 21 Aug 2008 22:56:45 +0000 (+0000) Subject: Revert r39793 "* (bug 13879) Special:EmailUser shows a form in case no user was speci... X-Git-Tag: 1.31.0-rc.0~45726 X-Git-Url: http://git.cyclocoop.org/%28?a=commitdiff_plain;h=be28c3980a2faf8e7eb28ca37833eeb9c9c3243c;p=lhc%2Fweb%2Fwiklou.git Revert r39793 "* (bug 13879) Special:EmailUser shows a form in case no user was specified" for the moment * Recipient name seems to be output raw into HTML form; this is insecure * We've lost the link to the target's user page in the primary use case (followed 'email this user' link) * Behavior if you misspell a name doesn't look very nice; you can't just fix it and resubmit the form, you have to hit 'back' from an error page and hope your browser isn't one that deletes all your form data :D --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 1c598af880..ddf583598c 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -94,7 +94,6 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * HTML entities like   now work (are not escaped) in edit summaries. * (bug 13815) In the comment for page moves, use the colon-separator message instead of a hardcoded colon. -* (bug 13879) Special:EmailUser shows a form in case no user was specified === Bug fixes in 1.14 === diff --git a/includes/api/ApiEmailUser.php b/includes/api/ApiEmailUser.php index 7d23ddea9b..7e083536c9 100644 --- a/includes/api/ApiEmailUser.php +++ b/includes/api/ApiEmailUser.php @@ -52,8 +52,6 @@ class ApiEmailUser extends ApiBase { // Validate target $targetUser = EmailUserForm::validateEmailTarget( $params['target'] ); - if ( $targetUser === false ) - $this->dieUsageMsg( array( 'notargettitle' ) ); if ( !( $targetUser instanceof User ) ) $this->dieUsageMsg( array( $targetUser[0] ) ); diff --git a/includes/specials/SpecialEmailuser.php b/includes/specials/SpecialEmailuser.php index 917ae925ce..d557c847d2 100644 --- a/includes/specials/SpecialEmailuser.php 
+++ b/includes/specials/SpecialEmailuser.php @@ -14,7 +14,7 @@ function wfSpecialEmailuser( $par ) { $target = isset($par) ? $par : $wgRequest->getVal( 'target' ); $targetUser = EmailUserForm::validateEmailTarget( $target ); - if ( !( $targetUser instanceof User ) && $targetUser !== false ) { + if ( !( $targetUser instanceof User ) ) { $wgOut->showErrorPage( $targetUser[0], $targetUser[1] ); return; } @@ -47,7 +47,7 @@ function wfSpecialEmailuser( $par ) { } - if ( "submit" == $action && $wgRequest->wasPosted() && $targetUser !== false ) { + if ( "submit" == $action && $wgRequest->wasPosted() ) { $result = $form->doSubmit(); if ( !is_null( $result ) ) { @@ -98,9 +98,8 @@ class EmailUserForm { $senderLink = $skin->makeLinkObj( $wgUser->getUserPage(), htmlspecialchars( $wgUser->getName() ) ); $emt = wfMsg( "emailto" ); - $recipient = $this->target instanceof User ? - htmlspecialchars( $this->target->getName() ) : - ''; + $recipientLink = $skin->makeLinkObj( + $this->target->getUserPage(), htmlspecialchars( $this->target->getName() ) ); $emr = wfMsg( "emailsubject" ); $emm = wfMsg( "emailmessage" ); $ems = wfMsg( "emailsend" ); @@ -108,7 +107,8 @@ class EmailUserForm { $encSubject = htmlspecialchars( $this->subject ); $titleObj = SpecialPage::getTitleFor( "Emailuser" ); - $action = $titleObj->escapeLocalURL( "action=submit" ); + $action = $titleObj->escapeLocalURL( "target=" . + urlencode( $this->target->getName() ) . "&action=submit" ); $token = htmlspecialchars( $wgUser->editToken() ); $wgOut->addHTML( " @@ -118,7 +118,7 @@ class EmailUserForm { {$senderLink} {$emt}: - +{$recipientLink} {$emr}: @@ -235,7 +235,8 @@ class EmailUserForm { return array( "nosuchspecialpage", "nospecialpagetext" ); if ( "" == $target ) { - return false; + wfDebug( "Target is empty.\n" ); + return array( "notargettitle", "notargettext" ); } $nt = Title::newFromURL( $target );
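Review bot: In the `@@ -47,7 +47,7 @@` hunk of wfSpecialEmailuser, the restored condition `"submit" == $action && $wgRequest->wasPosted()` is the only gate visible before `$form->doSubmit()`, and nothing in the hunk shows the edit token that the form emits (`$wgUser->editToken()`) being verified. The function body starts and continues outside the hunk, so the check may well happen earlier; if it does, a comment such as `// edit token already verified above; only POSTed submits reach doSubmit()` would make that dependency explicit. If it does not, the token should be matched here before any mail is sent, since a POST alone does not prove the request came from this form.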
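Review bot: The rewritten lines in the `@@ -98,9 +98,8 @@` hunk call `$this->target->getUserPage()` and `$this->target->getName()` with no `instanceof User` guard, and the `@@ -108,7 +107,8 @@` hunk does the same when building `$action`, so both now depend on every caller having rejected a non-User target first. wfSpecialEmailuser does that in its first hunk, but the EmailUserForm constructor and the enclosing method's start are outside the hunks, so I would document the precondition there, e.g. `// $this->target must be a User; callers validate with validateEmailTarget()`. The escaping looks right for both sinks (`htmlspecialchars()` on the link text, `urlencode()` on the query value before `escapeLocalURL()`); a short comment that the name originates from the request would keep a later edit from dropping either call.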
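Review bot: With the `@@ -235,7 +235,8 @@` hunk, what appears to be validateEmailTarget() no longer returns `false`, and the simplified `if ( !( $targetUser instanceof User ) )` in the `@@ -14,7 +14,7 @@` hunk indexes `$targetUser[0]` and `$targetUser[1]` on whatever comes back, so the return contract deserves to be written down. I would add a doc comment on the function stating that it returns either a User or a two-element array of message keys (title, text), since both the special page and ApiEmailUser rely on that shape. The `"" == $target` test also seems to rely on loose comparison to catch a `null` from `$wgRequest->getVal( 'target' )` when the parameter is absent; a comment like `// loose == on purpose: also matches null` would stop someone tightening it to `===`. The function body starts and ends outside the hunk.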