dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
More rigorous fix for ImageMagick parameter interpretation (bug 23148 etc.) based...
[lhc/web/wiklou.git] / includes / specials / SpecialEmailuser.php
1 <?php
2 /**
3 * @file
4 * @ingroup SpecialPage
5 */
6
7 class SpecialEmailUser extends UnlistedSpecialPage {
8 protected $mTarget;
9
10 public function __construct(){
11 parent::__construct( 'Emailuser' );
12 }
13
14 protected function getFormFields(){
15 global $wgUser;
16 return array(
17 'From' => array(
18 'type' => 'info',
19 'raw' => 1,
20 'default' => $wgUser->getSkin()->link(
21 $wgUser->getUserPage(),
22 htmlspecialchars( $wgUser->getName() )
23 ),
24 'label-message' => 'emailfrom',
25 'id' => 'mw-emailuser-sender',
26 ),
27 'To' => array(
28 'type' => 'info',
29 'raw' => 1,
30 'default' => $wgUser->getSkin()->link(
31 $this->mTargetObj->getUserPage(),
32 htmlspecialchars( $this->mTargetObj->getName() )
33 ),
34 'label-message' => 'emailto',
35 'id' => 'mw-emailuser-recipient',
36 ),
37 'Target' => array(
38 'type' => 'hidden',
39 'default' => $this->mTargetObj->getName(),
40 ),
41 'Subject' => array(
42 'type' => 'text',
43 'default' => wfMsgExt( 'defemailsubject', array( 'content', 'parsemag' ) ),
44 'label-message' => 'emailsubject',
45 'maxlength' => 200,
46 'size' => 60,
47 'required' => 1,
48 ),
49 'Text' => array(
50 'type' => 'textarea',
51 'rows' => 20,
52 'cols' => 80,
53 'label-message' => 'emailmessage',
54 'required' => 1,
55 ),
56 'CCMe' => array(
57 'type' => 'check',
58 'label-message' => 'emailccme',
59 'default' => $wgUser->getBoolOption( 'ccmeonemails' ),
60 ),
61 );
62 }
63
64 public function execute( $par ) {
65 global $wgRequest, $wgOut, $wgUser;
66 $this->mTarget = is_null( $par )
67 ? $wgRequest->getVal( 'wpTarget', '' )
68 : $par;
69
70 $ret = self::getTarget( $this->mTarget );
71 if( $ret instanceof User ){
72 $this->mTargetObj = $ret;
73 } else {
74 $wgOut->showErrorPage( "{$ret}title", "{$ret}text" );
75 return false;
76 }
77
78 $error = self::getPermissionsError( $wgUser, $wgRequest->getVal( 'wpEditToken' ) );
79 switch ( $error ) {
80 case null:
81 # Wahey!
82 break;
83 case 'badaccess':
84 $wgOut->permissionRequired( 'sendemail' );
85 return;
86 case 'blockedemailuser':
87 $wgOut->blockedPage();
88 return;
89 case 'actionthrottledtext':
90 $wgOut->rateLimited();
91 return;
92 case 'mailnologin':
93 case 'usermaildisabled':
94 $wgOut->showErrorPage( $error, "{$error}text" );
95 return;
96 default:
97 # It's a hook error
98 list( $title, $msg, $params ) = $error;
99 $wgOut->showErrorPage( $title, $msg, $params );
100 return;
101 }
102
103 $form = new HTMLForm( $this->getFormFields() );
104 $form->addPreText( wfMsgExt( 'emailpagetext', 'parseinline' ) );
105 $form->setSubmitText( wfMsg( 'emailsend' ) );
106 $form->setTitle( $this->getTitle() );
107 $form->setSubmitCallback( array( __CLASS__, 'submit' ) );
108 $form->setWrapperLegend( wfMsgExt( 'email-legend', 'parsemag' ) );
109 $form->loadData();
110
111 if( !wfRunHooks( 'EmailUserForm', array( &$form ) ) ){
112 return false;
113 }
114
115 $wgOut->setPagetitle( wfMsg( 'emailpage' ) );
116 $result = $form->show();
117
118 if( $result === true ){
119 $wgOut->setPagetitle( wfMsg( 'emailsent' ) );
120 $wgOut->addWikiMsg( 'emailsenttext' );
121 $wgOut->returnToMain( false, $this->mTargetObj->getUserPage() );
122 }
123 }
124
125 /**
126 * Validate target User
127 *
128 * @param $target String: target user name
129 * @return User object on success or a string on error
130 */
131 public static function getTarget( $target ) {
132 if ( $target == '' ) {
133 wfDebug( "Target is empty.\n" );
134 return 'notarget';
135 }
136
137 $nt = Title::newFromURL( $target );
138 if ( !$nt instanceof Title ) {
139 wfDebug( "Target is invalid title.\n" );
140 return 'notarget';
141 }
142
143 $nu = User::newFromName( $nt->getText() );
144 if( !$nu instanceof User || !$nu->getId() ) {
145 wfDebug( "Target is invalid user.\n" );
146 return 'notarget';
147 } else if ( !$nu->isEmailConfirmed() ) {
148 wfDebug( "User has no valid email.\n" );
149 return 'noemail';
150 } else if ( !$nu->canReceiveEmail() ) {
151 wfDebug( "User does not allow user emails.\n" );
152 return 'nowikiemail';
153 }
154
155 return $nu;
156 }
157
158 /**
159 * Check whether a user is allowed to send email
160 *
161 * @param $user User object
162 * @param $editToken String: edit token
163 * @return null on success or string on error
164 */
165 public static function getPermissionsError( $user, $editToken ) {
166 global $wgEnableEmail, $wgEnableUserEmail;
167 if( !$wgEnableEmail || !$wgEnableUserEmail ){
168 return 'usermaildisabled';
169 }
170
171 if( !$user->isAllowed( 'sendemail' ) ) {
172 return 'badaccess';
173 }
174
175 if( !$user->isEmailConfirmed() ){
176 return 'mailnologin';
177 }
178
179 if( $user->isBlockedFromEmailuser() ) {
180 wfDebug( "User is blocked from sending e-mail.\n" );
181 return "blockedemailuser";
182 }
183
184 if( $user->pingLimiter( 'emailuser' ) ) {
185 wfDebug( "Ping limiter triggered.\n" );
186 return 'actionthrottledtext';
187 }
188
189 $hookErr = false;
190 wfRunHooks( 'UserCanSendEmail', array( &$user, &$hookErr ) );
191 wfRunHooks( 'EmailUserPermissionsErrors', array( $user, $editToken, &$hookErr ) );
192 if ( $hookErr ) {
193 return $hookErr;
194 }
195
196 return null;
197 }
198
199 /**
200 * Really send a mail. Permissions should have been checked using
201 * getPermissionsError(). It is probably also a good
202 * idea to check the edit token and ping limiter in advance.
203 *
204 * @return Mixed: True on success, String on error
205 */
206 public static function submit( $data ) {
207 global $wgUser, $wgUserEmailUseReplyTo, $wgSiteName;
208
209 $target = self::getTarget( $data['Target'] );
210 if( !$target instanceof User ){
211 return wfMsgExt( $target . 'text', 'parse' );
212 }
213 $to = new MailAddress( $target );
214 $from = new MailAddress( $wgUser );
215 $subject = $data['Subject'];
216 $text = $data['Text'];
217
218 // Add a standard footer and trim up trailing newlines
219 $text = rtrim( $text ) . "\n\n-- \n";
220 $text .= wfMsgExt(
221 'emailuserfooter',
222 array( 'content', 'parsemag' ),
223 array( $from->name, $to->name )
224 );
225
226 $error = '';
227 if( !wfRunHooks( 'EmailUser', array( &$to, &$from, &$subject, &$text, &$error ) ) ) {
228 return $error;
229 }
230
231 if( $wgUserEmailUseReplyTo ) {
232 // Put the generic wiki autogenerated address in the From:
233 // header and reserve the user for Reply-To.
234 //
235 // This is a bit ugly, but will serve to differentiate
236 // wiki-borne mails from direct mails and protects against
237 // SPF and bounce problems with some mailers (see below).
238 global $wgPasswordSender;
239 $mailFrom = new MailAddress( $wgPasswordSender );
240 $replyTo = $from;
241 } else {
242 // Put the sending user's e-mail address in the From: header.
243 //
244 // This is clean-looking and convenient, but has issues.
245 // One is that it doesn't as clearly differentiate the wiki mail
246 // from "directly" sent mails.
247 //
248 // Another is that some mailers (like sSMTP) will use the From
249 // address as the envelope sender as well. For open sites this
250 // can cause mails to be flunked for SPF violations (since the
251 // wiki server isn't an authorized sender for various users'
252 // domains) as well as creating a privacy issue as bounces
253 // containing the recipient's e-mail address may get sent to
254 // the sending user.
255 $mailFrom = $from;
256 $replyTo = null;
257 }
258
259 $mailResult = UserMailer::send( $to, $mailFrom, $subject, $text, $replyTo );
260
261 if( WikiError::isError( $mailResult ) && false ) {
262 return $mailResult->getMessage();
263 } else {
264 // if the user requested a copy of this mail, do this now,
265 // unless they are emailing themselves, in which case one
266 // copy of the message is sufficient.
267 if ( $data['CCMe'] && $to != $from ) {
268 $cc_subject = wfMsg(
269 'emailccsubject',
270 $target->getName(),
271 $subject
272 );
273 wfRunHooks( 'EmailUserCC', array( &$from, &$from, &$cc_subject, &$text ) );
274 $ccResult = UserMailer::send( $from, $from, $cc_subject, $text );
275 if( WikiError::isError( $ccResult ) ) {
276 // At this stage, the user's CC mail has failed, but their
277 // original mail has succeeded. It's unlikely, but still,
278 // what to do? We can either show them an error, or we can
279 // say everything was fine, or we can say we sort of failed
280 // AND sort of succeeded. Of these options, simply saying
281 // there was an error is probably best.
282 return $ccResult->getMessage();
283 }
284 }
285
286 wfRunHooks( 'EmailUserComplete', array( $to, $from, $subject, $text ) );
287 return true;
288 }
289 }
290 }
Wiklou, le Wiki du Wiklou