*/
class EmailConfirmation extends UnlistedSpecialPage {
public function __construct() {
- parent::__construct( 'Confirmemail' );
+ parent::__construct( 'Confirmemail', 'editmyprivateinfo' );
}
/**
$this->setHeaders();
$this->checkReadOnly();
+ $this->checkPermissions();
+
+ // This could also let someone check the current email address, so
+ // require both permissions.
+ if ( !$this->getUser()->isAllowed( 'viewmyprivateinfo' ) ) {
+ throw new PermissionsError( 'viewmyprivateinfo' );
+ }
if ( $code === null || $code === '' ) {
if ( $this->getUser()->isLoggedIn() ) {
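Review bot: The permission checks added at the top of execute() run before the `$code === null || $code === ''` test, so they also gate the path where a confirmation code is supplied. The visible `isAllowed( 'viewmyprivateinfo' )` call, and presumably `checkPermissions()` too, is evaluated against the session user from `$this->getUser()`, not against the account the code resolves to. The added comment only justifies the no-code case, where the current address can be shown. It should state whether gating the code path is intended, for example `// Also applies when $code is set: whoever follows the link needs both rights.` The same question applies to the `checkPermissions()` call added in EmailInvalidation::execute(); execute() here starts and continues outside the hunk, so the code-handling path is not visible.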
}
$out->addWikiMsg( 'confirmemail_text' );
- $form = Xml::openElement(
+ $form = Html::openElement(
'form',
array( 'method' => 'post', 'action' => $this->getTitle()->getLocalURL() )
- );
- $form .= Html::hidden( 'token', $user->getEditToken() );
- $form .= Xml::submitButton( $this->msg( 'confirmemail_send' )->text() );
- $form .= Xml::closeElement( 'form' );
+ ) . "\n";
+ $form .= Html::hidden( 'token', $user->getEditToken() ) . "\n";
+ $form .= Xml::submitButton( $this->msg( 'confirmemail_send' )->text() ) . "\n";
+ $form .= Html::closeElement( 'form' ) . "\n";
$out->addHTML( $form );
}
}
$user = User::newFromConfirmationCode( $code );
if ( !is_object( $user ) ) {
$this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
+
return;
}
*/
class EmailInvalidation extends UnlistedSpecialPage {
public function __construct() {
- parent::__construct( 'Invalidateemail' );
+ parent::__construct( 'Invalidateemail', 'editmyprivateinfo' );
}
function execute( $code ) {
$this->setHeaders();
$this->checkReadOnly();
+ $this->checkPermissions();
$this->attemptInvalidate( $code );
}
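Review bot: EmailInvalidation::execute() gains `checkPermissions()` but not the `viewmyprivateinfo` check that EmailConfirmation::execute() received, and nothing at the call explains the difference. If the reason is that this page never displays the stored address, a short comment would keep a later reader from treating the asymmetry as an oversight, for example `// Enforces the 'editmyprivateinfo' restriction from __construct(); no address is shown here, so 'viewmyprivateinfo' is not required.` That rationale is inferred, because attemptInvalidate() lies outside the hunk, so it should be confirmed before the comment is added.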
$user = User::newFromConfirmationCode( $code );
if ( !is_object( $user ) ) {
$this->getOutput()->addWikiMsg( 'confirmemail_invalid' );
+
return;
}