From: Gergő Tisza <gtisza@wikimedia.org>
Date: Tue, 15 Nov 2016 02:27:02 +0000 (+0000)
Subject: Fix SpecialPasswordResetOnSubmit parameter handling
X-Git-Tag: 1.31.0-rc.0~4870^2
X-Git-Url: http://git.cyclocoop.org/%7B%24admin_url%7Dcompta/comptes/journal.php?a=commitdiff_plain;h=f9a86b01c975b4863fd7c9bc039353a5b8753f3c;p=lhc%2Fweb%2Fwiklou.git

Fix SpecialPasswordResetOnSubmit parameter handling

Special:PasswordReset will take either the username or the email
into account but never both. Reflect this in the way parameters
are passed to the hook.

This also makes sure hook handlers never receive an unsanitized
email address.

Change-Id: I8d3b3d81e0cd5f92e5cd0a866a16695638610592
---

diff --git a/includes/user/PasswordReset.php b/includes/user/PasswordReset.php
index 889ec92b42..e023744b93 100644
--- a/includes/user/PasswordReset.php
+++ b/includes/user/PasswordReset.php
@@ -134,12 +134,14 @@ class PasswordReset {
 		if ( $resetRoutes['username'] && $username ) {
 			$method = 'username';
 			$users = [ User::newFromName( $username ) ];
+			$email = null;
 		} elseif ( $resetRoutes['email'] && $email ) {
 			if ( !Sanitizer::validateEmail( $email ) ) {
 				return StatusValue::newFatal( 'passwordreset-invalidemail' );
 			}
 			$method = 'email';
 			$users = $this->getUsersByEmail( $email );
+			$username = null;
 		} else {
 			// The user didn't supply any data
 			return StatusValue::newFatal( 'passwordreset-nodata' );