Previously you could bypass reauthentication by directly
POSTing to Special:ChangeEmail.
Bug: T197279
Change-Id: I674557351e0e91a8105c12ddf6cd30283aac9f7a
* @param string $par
*/
function execute( $par ) {
- $this->checkLoginSecurityLevel();
-
$out = $this->getOutput();
$out->disallowUserJs();
parent::execute( $par );
}
+ protected function getLoginSecurityLevel() {
+ return $this->getName();
+ }
+
protected function checkExecutePermissions( User $user ) {
if ( !AuthManager::singleton()->allowsPropertyChange( 'emailaddress' ) ) {
throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );