Fix class name: s/PerissionsError/PermissionsError/
[lhc/web/wiklou.git] / includes / specials / SpecialConfirmemail.php
index 3287c63..3828b1c 100644 (file)
@@ -31,7 +31,7 @@
  */
 class EmailConfirmation extends UnlistedSpecialPage {
        public function __construct() {
-               parent::__construct( 'Confirmemail' );
+               parent::__construct( 'Confirmemail', 'editmyprivateinfo' );
        }
 
        /**
@@ -43,6 +43,13 @@ class EmailConfirmation extends UnlistedSpecialPage {
                $this->setHeaders();
 
                $this->checkReadOnly();
+               $this->checkPermissions();
+
+               // This could also let someone check the current email address, so
+               // require both permissions.
+               if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
+                       throw new PermissionsError( 'viewmyprivateinfo' );
+               }
 
                if ( $code === null || $code === '' ) {
                        if ( $this->getUser()->isLoggedIn() ) {
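Review bot: The two checks added at the top of execute() are evaluated against the session user from `$this->getUser()` before the `$code` branch, so they also gate the emailed confirmation-link path, where the account acted on is the one `User::newFromConfirmationCode( $code )` returns further down the file. The existing comment only explains the no-code case, so I would extend it: `// Checked against the session user even when $code is set; the account the code belongs to is resolved later.` Presumably a wiki that removes either right from logged-out visitors then requires a login before the link works, which is worth confirming is intended. The same applies to the `checkPermissions()` call added in EmailInvalidation::execute(). The body of execute() continues outside this hunk.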
@@ -104,13 +111,13 @@ class EmailConfirmation extends UnlistedSpecialPage {
                        }
 
                        $out->addWikiMsg( 'confirmemail_text' );
-                       $form = Xml::openElement(
+                       $form = Html::openElement(
                                'form',
                                array( 'method' => 'post', 'action' => $this->getTitle()->getLocalURL() )
-                       );
-                       $form .= Html::hidden( 'token', $user->getEditToken() );
-                       $form .= Xml::submitButton( $this->msg( 'confirmemail_send' )->text() );
-                       $form .= Xml::closeElement( 'form' );
+                       ) . "\n";
+                       $form .= Html::hidden( 'token', $user->getEditToken() ) . "\n";
+                       $form .= Xml::submitButton( $this->msg( 'confirmemail_send' )->text() ) . "\n";
+                       $form .= Html::closeElement( 'form' ) . "\n";
                        $out->addHTML( $form );
                }
        }
@@ -125,6 +132,7 @@ class EmailConfirmation extends UnlistedSpecialPage {
                $user = User::newFromConfirmationCode( $code );
                if ( !is_object( $user ) ) {
                        $this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
+
                        return;
                }
 
@@ -148,12 +156,13 @@ class EmailConfirmation extends UnlistedSpecialPage {
  */
 class EmailInvalidation extends UnlistedSpecialPage {
        public function __construct() {
-               parent::__construct( 'Invalidateemail' );
+               parent::__construct( 'Invalidateemail', 'editmyprivateinfo' );
        }
 
        function execute( $code ) {
                $this->setHeaders();
                $this->checkReadOnly();
+               $this->checkPermissions();
                $this->attemptInvalidate( $code );
        }
 
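Review bot: EmailInvalidation::execute() requires only `editmyprivateinfo`, while EmailConfirmation::execute() also requires `viewmyprivateinfo`, and nothing here records why the two differ. If the reason is that this page never displays the address (attemptInvalidate() is outside the hunk, so that is inferred), say so above the new call: `// Nothing on this page shows the address, so 'viewmyprivateinfo' is not required here.` While touching this method, `function execute( $code )` could also be declared `public` to match the constructor above it.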
@@ -167,6 +176,7 @@ class EmailInvalidation extends UnlistedSpecialPage {
                $user = User::newFromConfirmationCode( $code );
                if ( !is_object( $user ) ) {
                        $this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
+
                        return;
                }