version of the Vector extension as this feature may conflict.
=== Bug fixes in 1.22 ===
+* Disable Special:PasswordReset when $wgEnableEmail. Previously one could still
+ navigate to the page by entering the URL directly.
+
=== API changes in 1.22 ===
* (bug 46626) xmldoublequote parameter was removed. Because of a bug, the
* - z-abandoned : A sorted set of (job ID, UNIX timestamp as score) used for broken jobs
* - z-delayed : A sorted set of (job ID, UNIX timestamp as score) used for delayed jobs
* - h-idBySha1 : A hash of (SHA1 => job ID) for unclaimed jobs used for de-duplication
- * - h-sha1Byid : A hash of (job ID => SHA1) for unclaimed jobs used for de-duplication
+ * - h-sha1ById : A hash of (job ID => SHA1) for unclaimed jobs used for de-duplication
* - h-attempts : A hash of (job ID => attempt count) used for job claiming/retries
* - h-data : A hash of (job ID => serialized blobs) for job storage
* A job ID can be in only one of z-delayed, l-unclaimed, z-claimed, and z-abandoned.
* If an ID appears in any of those lists, it should have a h-data entry for its ID.
* If a job has a SHA1 de-duplication value and its ID is in l-unclaimed or z-delayed, then
- * there should be no other such jobs with that SHA1. Every h-idBySha1 entry has an h-sha1Byid
- * entry and every h-sha1Byid must refer to an ID that is l-unclaimed. If a job has its
+ * there should be no other such jobs with that SHA1. Every h-idBySha1 entry has an h-sha1ById
+ * entry and every h-sha1ById must refer to an ID that is l-unclaimed. If a job has its
* ID in z-claimed or z-abandoned, then it must also have an h-attempts entry for its ID.
*
* Additionally, "rootjob:* keys track "root jobs" used for additional de-duplication.
}
protected function canChangePassword( User $user ) {
- global $wgPasswordResetRoutes, $wgAuth;
+ global $wgPasswordResetRoutes, $wgEnableEmail, $wgAuth;
// Maybe password resets are disabled, or there are no allowable routes
if ( !is_array( $wgPasswordResetRoutes ) ||
return 'resetpass_forbidden';
}
+ // Maybe email features have been disabled
+ if ( !$wgEnableEmail ) {
+ return 'passwordreset-emaildisabled';
+ }
+
// Maybe the user is blocked (check this here rather than relying on the parent
// method as we have a more specific error message to use here
if ( $user->isBlocked() ) {
'passwordreset-text' => 'Complete this form to reset your password.',
'passwordreset-legend' => 'Reset password',
'passwordreset-disabled' => 'Password resets have been disabled on this wiki.',
+'passwordreset-emaildisabled' => 'Email features have been disabled on this wiki.',
'passwordreset-pretext' => '{{PLURAL:$1||Enter one of the pieces of data below}}',
'passwordreset-username' => 'Username:',
'passwordreset-domain' => 'Domain:',
'passwordreset-text' => 'Text on [[Special:PasswordReset]]',
'passwordreset-legend' => '{{Identical|Reset password}}',
'passwordreset-disabled' => 'Used as error message in changing password.',
+'passwordreset-emaildisabled' => 'Used as error message in changing password when site\'s email feature is disabled.',
'passwordreset-pretext' => 'These instructions are shown on the password reset dialogue, which can, in principle, take the user\'s email address as well as, or instead of, their username. This text displays above one or more fields, at least one of which needs to be completed, and the message does not know which routes are available, so it needs to refer to some vague noun rather than specifically "username".
"One of the pieces of data" means "an info"/"a datum" (probably to be translatea with a singular noun in your language if available). Parameters:
* $1 is the number of password reset routes. This is never 1, but always two or more. Thus, the first plural option is empty in English.',
'passwordreset-text',
'passwordreset-legend',
'passwordreset-disabled',
+ 'passwordreset-emaildisabled',
'passwordreset-pretext',
'passwordreset-username',
'passwordreset-domain',