From 65756a56e1981c476fc5e37a663c9e3040322c53 Mon Sep 17 00:00:00 2001
From: Rob Church <robchurch@users.mediawiki.org>
Date: Fri, 5 May 2006 15:17:43 +0000
Subject: [PATCH] (bug 5839) Prevent access to Special:Confirmemail for
 logged-out users

---
 RELEASE-NOTES                    |  1 +
 includes/SpecialConfirmemail.php | 18 +++++++++++++++++-
 languages/Messages.php           |  1 +
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index d6b0306de3..0ab80f5f8c 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -217,6 +217,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * (bug 5838) Namespace names for Nds-NL
 * (bug 5749) Added Tyvan language files
 * (bug 5791) Fix SQL syntax in Special:BrokenRedirects, was causing incorrect data to show
+* (bug 5839) Prevent access to Special:Confirmemail for logged-out users
 
 == Compatibility ==
 
diff --git a/includes/SpecialConfirmemail.php b/includes/SpecialConfirmemail.php
index a97ddd9134..7143d9d92b 100644
--- a/includes/SpecialConfirmemail.php
+++ b/includes/SpecialConfirmemail.php
@@ -18,13 +18,29 @@ function wfSpecialConfirmemail( $code ) {
 class ConfirmationForm {
 	/** */
 	function show( $code ) {
-		if( empty( $code ) ) {
+		global $wgUser;
+		if( !$wgUser->isLoggedIn() ) {
+			$this->showNeedLogin();
+		} elseif( empty( $code ) ) {
 			$this->showEmpty( $this->checkAndSend() );
 		} else {
 			$this->showCode( $code );
 		}
 	}
 
+	function showNeedLogin() {
+		global $wgOut, $wgUser;
+		
+		$title = Title::makeTitle( NS_SPECIAL, 'Userlogin' );
+		$self = Title::makeTitle( NS_SPECIAL, 'Confirmemail' );
+		$skin = $wgUser->getSkin();
+		$llink = $skin->makeKnownLinkObj( $title, wfMsgHtml( 'loginreqlink' ), 'returnto=' . $self->getPrefixedUrl() );
+		
+		$wgOut->setPageTitle( wfMsg( 'confirmemail' ) );
+		$wgOut->addHtml( wfMsgWikiHtml( 'confirmemail_needlogin', $llink ) );
+		return;
+	}
+
 	/** */
 	function showCode( $code ) {
 		$user = User::newFromConfirmationCode( $code );
diff --git a/languages/Messages.php b/languages/Messages.php
index a67041a4db..b010952a4e 100644
--- a/languages/Messages.php
+++ b/languages/Messages.php
@@ -1933,6 +1933,7 @@ link in your browser to confirm that your e-mail address is valid.",
 'confirmemail_sent' => 'Confirmation e-mail sent.',
 'confirmemail_sendfailed' => 'Could not send confirmation mail. Check address for invalid characters.',
 'confirmemail_invalid' => 'Invalid confirmation code. The code may have expired.',
+'confirmemail_needlogin' => 'You need to $1 to confirm your email address.',
 'confirmemail_success' => 'Your e-mail address has been confirmed. You may now log in and enjoy the wiki.',
 'confirmemail_loggedin' => 'Your e-mail address has now been confirmed.',
 'confirmemail_error' => 'Something went wrong saving your confirmation.',
-- 
2.20.1