$this->setHeaders();
$this->outputHeader();
$out = $this->getOutput();
- $out->disallowUserJs(); # Prevent hijacked user scripts from sniffing passwords etc.
+ $out->disallowUserJs(); # Prevent hijacked user scripts from sniffing passwords etc.
$user = $this->getUser();
if ( $user->isAnon() ) {
- throw new ErrorPageError( 'prefsnologin', 'prefsnologintext', array( $this->getTitle()->getPrefixedDBkey() ) );
+ throw new ErrorPageError(
+ 'prefsnologin',
+ 'prefsnologintext',
+ array( $this->getTitle()->getPrefixedDBkey() )
+ );
}
$this->checkReadOnly();
if ( $par == 'reset' ) {
$this->showResetForm();
+
return;
}
}
private function showResetForm() {
+ if ( !$this->getUser()->isAllowed( 'editmyoptions' ) ) {
+ throw new PermissionsError( 'editmyoptions' );
+ }
+
$this->getOutput()->addWikiMsg( 'prefs-reset-intro' );
$htmlForm = new HTMLForm( array(), $this->getContext(), 'prefs-restore' );
}
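Review bot: The `editmyoptions` guard added at the top of showResetForm() is repeated verbatim in submitReset() in the next hunk, so the two copies can drift apart if the required right ever changes. Consider one small private helper called from both places, with a comment on the submitReset() call such as `// Re-checked in the submit callback: this is the state-changing step, so it must not rely on the form having been gated.` In submitReset() the user object is also fetched twice; moving `$user = $this->getUser();` above the check lets the guard read `if ( !$user->isAllowed( 'editmyoptions' ) ) {`. Both function bodies continue outside the lines shown, and whether the regular preferences save path enforces the same right is not visible here.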
public function submitReset( $formData ) {
+ if ( !$this->getUser()->isAllowed( 'editmyoptions' ) ) {
+ throw new PermissionsError( 'editmyoptions' );
+ }
+
$user = $this->getUser();
- $user->resetOptions( 'all' );
+ $user->resetOptions( 'all', $this->getContext() );
$user->saveSettings();
$url = $this->getTitle()->getFullURL( 'success' );