X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=includes%2Fspecials%2FSpecialChangeEmail.php;h=c95aa1b558bb2e352790b46fe834235274b16340;hb=36fdf484e98446ddbf4ea7ec6a5f9939c37e14c5;hp=8d5cf85dce1525c9314d1c5225fad69dc9f89143;hpb=081a44ff0cfab9c251a112e1ece037b3efb0fe0e;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/specials/SpecialChangeEmail.php b/includes/specials/SpecialChangeEmail.php
index 8d5cf85dce..c95aa1b558 100644
--- a/includes/specials/SpecialChangeEmail.php
+++ b/includes/specials/SpecialChangeEmail.php
@@ -55,14 +55,16 @@ class SpecialChangeEmail extends FormSpecialPage {
 	 * @param string $par
 	 */
 	function execute( $par ) {
-		$this->checkLoginSecurityLevel();
-
 		$out = $this->getOutput();
 		$out->disallowUserJs();
 
 		parent::execute( $par );
 	}
 
+	protected function getLoginSecurityLevel() {
+		return $this->getName();
+	}
+
 	protected function checkExecutePermissions( User $user ) {
 		if ( !AuthManager::singleton()->allowsPropertyChange( 'emailaddress' ) ) {
 			throw new ErrorPageError( 'changeemail', 'cannotchangeemail' );
@@ -160,6 +162,12 @@ class SpecialChangeEmail extends FormSpecialPage {
 			return Status::newFatal( 'changeemail-nochange' );
 		}
 
+		// To prevent spam, rate limit adding a new address, but do
+		// not rate limit removing an address.
+		if ( $newaddr !== '' && $user->pingLimiter( 'changeemail' ) ) {
+			return Status::newFatal( 'actionthrottledtext' );
+		}
+
 		$oldaddr = $user->getEmail();
 		$status = $user->setEmailWithConfirmation( $newaddr );
 		if ( !$status->isGood() ) {