Correct check whether the e-mail field was filled in Special:Userlogin/signup

Use a strict comparison with '' instead of empty(), otherwise this allows user
to give "0" as an e-mail address.

Also use strval() if in any case null or something like that would be passed.

Change-Id: Ide7d35c52a04d05b43ae9fd37f7586bb4a67d4ed

diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 63d101b..6e4f5d4 100644 (file)
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -392,11 +392,11 @@ class LoginForm extends SpecialPage {
 
                # if you need a confirmed email address to edit, then obviously you
                # need an email address.
-               if ( $wgEmailConfirmToEdit && empty( $this->mEmail ) ) {
+               if ( $wgEmailConfirmToEdit && strval( $this->mEmail ) === '' ) {
                        return Status::newFatal( 'noemailtitle' );
                }
 
-               if( !empty( $this->mEmail ) && !Sanitizer::validateEmail( $this->mEmail ) ) {
+               if ( strval( $this->mEmail ) !== '' && !Sanitizer::validateEmail( $this->mEmail ) ) {
                        return Status::newFatal( 'invalidemailaddress' );
                }