From: JuneHyeon Bae Date: Tue, 12 Mar 2013 06:10:17 +0000 (+0900) Subject: Disable Special:PasswordReset when $wgEnableEmail is false X-Git-Tag: 1.31.0-rc.0~20027^2 X-Git-Url: https://git.cyclocoop.org/%242?a=commitdiff_plain;h=8427a425b8eddfec0b1faa9b89b6950129681eb6;p=lhc%2Fweb%2Fwiklou.git Disable Special:PasswordReset when $wgEnableEmail is false Previously one could still navigate to the page by entering its URL directly, and from there be able to request a password reset e-mail for any user who has an e-mail address configured. This patch adds a check for $wgEnableEmail in the SpecialPage code, replacing the interface with an error message when e-mail is not enabled. Change-Id: I42be68c6a068aafdf45623eb35bb21aa684f54f6 --- diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22 index c24cd7d201..4e04076f1f 100644 --- a/RELEASE-NOTES-1.22 +++ b/RELEASE-NOTES-1.22 @@ -23,6 +23,9 @@ production. version of the Vector extension as this feature may conflict. === Bug fixes in 1.22 === +* Disable Special:PasswordReset when $wgEnableEmail. Previously one could still + navigate to the page by entering the URL directly. + === API changes in 1.22 === * (bug 46626) xmldoublequote parameter was removed. Because of a bug, the diff --git a/includes/specials/SpecialPasswordReset.php b/includes/specials/SpecialPasswordReset.php index 491fadc78e..6b335c32d2 100644 --- a/includes/specials/SpecialPasswordReset.php +++ b/includes/specials/SpecialPasswordReset.php @@ -292,7 +292,7 @@ class SpecialPasswordReset extends FormSpecialPage { } protected function canChangePassword( User $user ) { - global $wgPasswordResetRoutes, $wgAuth; + global $wgPasswordResetRoutes, $wgEnableEmail, $wgAuth; // Maybe password resets are disabled, or there are no allowable routes if ( !is_array( $wgPasswordResetRoutes ) || @@ -306,6 +306,11 @@ class SpecialPasswordReset extends FormSpecialPage { return 'resetpass_forbidden'; } + // Maybe email features have been disabled + if ( !$wgEnableEmail ) { + return 'passwordreset-emaildisabled'; + } + // Maybe the user is blocked (check this here rather than relying on the parent // method as we have a more specific error message to use here if ( $user->isBlocked() ) { diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index 76dba58e70..c27b4f9747 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -1222,6 +1222,7 @@ You may have already successfully changed your password or requested a new tempo 'passwordreset-text' => 'Complete this form to reset your password.', 'passwordreset-legend' => 'Reset password', 'passwordreset-disabled' => 'Password resets have been disabled on this wiki.', +'passwordreset-emaildisabled' => 'Email features have been disabled on this wiki.', 'passwordreset-pretext' => '{{PLURAL:$1||Enter one of the pieces of data below}}', 'passwordreset-username' => 'Username:', 'passwordreset-domain' => 'Domain:', diff --git a/languages/messages/MessagesQqq.php b/languages/messages/MessagesQqq.php index 045bd8bf2a..50cfc82c98 100644 --- a/languages/messages/MessagesQqq.php +++ b/languages/messages/MessagesQqq.php @@ -1228,6 +1228,7 @@ See also: 'passwordreset-text' => 'Text on [[Special:PasswordReset]]', 'passwordreset-legend' => '{{Identical|Reset password}}', 'passwordreset-disabled' => 'Used as error message in changing password.', +'passwordreset-emaildisabled' => 'Used as error message in changing password when site\'s email feature is disabled.', 'passwordreset-pretext' => 'These instructions are shown on the password reset dialogue, which can, in principle, take the user\'s email address as well as, or instead of, their username. This text displays above one or more fields, at least one of which needs to be completed, and the message does not know which routes are available, so it needs to refer to some vague noun rather than specifically "username". "One of the pieces of data" means "an info"/"a datum" (probably to be translatea with a singular noun in your language if available). Parameters: * $1 is the number of password reset routes. This is never 1, but always two or more. Thus, the first plural option is empty in English.', diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc index 1a0ff8abeb..7f854c6576 100644 --- a/maintenance/language/messages.inc +++ b/maintenance/language/messages.inc @@ -539,6 +539,7 @@ $wgMessageStructure = array( 'passwordreset-text', 'passwordreset-legend', 'passwordreset-disabled', + 'passwordreset-emaildisabled', 'passwordreset-pretext', 'passwordreset-username', 'passwordreset-domain',