jenkins-bot has submitted this change and it was merged.

Change subject: User.php: Update 'setEmailWithConfirmation' for notification email
......................................................................


User.php: Update 'setEmailWithConfirmation' for notification email

In order to minimise the chances of successful account cracking,
a notification email should be sent to the user on their previous
registered email address, informing them of the change in the
registered email address of their account.

Bug: T31856
Change-Id: Ib1ef76d7eb45ed0fa7ee0c2e7e39af21289367d2
---
M includes/user/User.php
M languages/i18n/en.json
M languages/i18n/qqq.json
3 files changed, 32 insertions(+), 2 deletions(-)

Approvals:
  Parent5446: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/user/User.php b/includes/user/User.php
index 68a169a..2e786bd 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -2697,14 +2697,36 @@
                        return Status::newGood( true );
                }
 
+               $type = $oldaddr != '' ? 'changed' : 'set';
+               $notificationResult = null;
+
+               if ( $wgEmailAuthentication ) {
+                       // Send the user an email notifying the user of the 
change in registered
+                       // email address on their previous email address
+                       if ( $type == 'changed' ) {
+                               $change = $str != '' ? 'changed' : 'removed';
+                               $notificationResult = $this->sendMail(
+                                       wfMessage( 'notificationemail_subject_' 
. $change )->text(),
+                                       wfMessage( 'notificationemail_body_' . 
$change,
+                                               $this->getRequest()->getIP(),
+                                               $this->getName(),
+                                               $str )->text()
+                               );
+                       }
+               }
+
                $this->setEmail( $str );
 
                if ( $str !== '' && $wgEmailAuthentication ) {
                        // Send a confirmation request to the new address if 
needed
-                       $type = $oldaddr != '' ? 'changed' : 'set';
                        $result = $this->sendConfirmationMail( $type );
+
+                       if ( $notificationResult !== null ) {
+                               $result->merge( $notificationResult );
+                       }
+
                        if ( $result->isGood() ) {
-                               // Say to the caller that a confirmation mail 
has been sent
+                               // Say to the caller that a confirmation and 
notification mail has been sent
                                $result->value = 'eauth';
                        }
                } else {
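Review bot: When the address is removed (`$str` is empty), the status held in `$notificationResult` is never inspected, because `$result->merge( $notificationResult )` sits inside the `if ( $str !== '' && $wgEmailAuthentication )` branch. A failed notice to the old address is silently dropped on that path, so merge or log it on the other path too. The notice is also gated on `$wgEmailAuthentication`, so a wiki with that setting off sends no warning to the previous address at all; the goal stated in the commit message does not depend on address confirmation being enabled, so consider sending it regardless. In the changed case, merging means a delivery failure to the old mailbox makes `$result` not good and the 'eauth' value is not set even when the confirmation mail itself went out; decide whether the caller should really see that as a failure. Minor: the updated comment says a notification mail "has been sent", which is not true when `$type` is 'set'.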
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index fea9fbd..5526e2e 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@@ -3344,6 +3344,10 @@
        "confirmemail_body_set": "Someone, probably you, from IP address 
$1,\nhas set the email address of the account \"$2\" to this address on 
{{SITENAME}}.\n\nTo confirm that this account really does belong to you and 
activate\nemail features on {{SITENAME}}, open this link in your 
browser:\n\n$3\n\nIf the account does *not* belong to you, follow this link\nto 
cancel the email address confirmation:\n\n$5\n\nThis confirmation code will 
expire at $4.",
        "confirmemail_invalidated": "Email address confirmation canceled",
        "invalidateemail": "Cancel email confirmation",
+       "notificationemail_subject_changed": "{{SITENAME}} registered email 
address has been changed",
+       "notificationemail_subject_removed": "{{SITENAME}} registered email 
address has been removed",
+       "notificationemail_body_changed": "Someone, probably you, from IP 
address $1,\nhas changed the email address of the account \"$2\" to \"$3\" on 
{{SITENAME}}.\n\nIf this was not you, contact a site administrator 
immediately.",
+       "notificationemail_body_removed": "Someone, probably you, from IP 
address $1,\nhas removed the email address of the account \"$2\" on 
{{SITENAME}}.\n\nIf this was not you, contact a site administrator 
immediately.",
        "scarytranscludedisabled": "[Interwiki transcluding is disabled]",
        "scarytranscludefailed": "[Template fetch failed for $1]",
        "scarytranscludefailed-httpstatus": "[Template fetch failed for $1: 
HTTP $2]",
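Review bot: The two subject strings read as if the site's own address had changed ("{{SITENAME}} registered email address has been changed"); say whose address it is, for example "Your registered email address on {{SITENAME}} has been changed". In both bodies, "contact a site administrator immediately" gives the recipient nothing to act on: the message carries only the IP, the account name and the new address, with no pointer to where an administrator can be reached. Since this mail is the only signal the legitimate owner gets after a takeover, it should tell them where to go.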
diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json
index 93a3e79..301e5a6 100644
--- a/languages/i18n/qqq.json
+++ b/languages/i18n/qqq.json
@@ -784,6 +784,10 @@
        "changeemail-submit": "Submit button on [[Special:ChangeEmail]]",
        "changeemail-throttled": "Error message shown at 
[[Special:ChangeEmail]] after the user has tried to login with incorrect 
password too many times.\n\nThe user has to wait a certain time before trying 
to log in again.\n\nParameters:\n* $1 - the time to wait before the next login 
attempt. Automatically formatted using the following duration messages:\n** 
{{msg-mw|Duration-millennia}}\n** {{msg-mw|Duration-centuries}}\n** 
{{msg-mw|Duration-decades}}\n** {{msg-mw|Duration-years}}\n** 
{{msg-mw|Duration-weeks}}\n** {{msg-mw|Duration-days}}\n** 
{{msg-mw|Duration-hours}}\n** {{msg-mw|Duration-minutes}}\n** 
{{msg-mw|Duration-seconds}}\n\nThis is a protection against robots trying to 
find the password by trying lots of them.\nThe number of attempts and waiting 
time are configured via 
[[mw:Manual:$wgPasswordAttemptThrottle|$wgPasswordAttemptThrottle]].\nThis 
message is used in html.\n\nSee also:\n* {{msg-mw|Changepassword-throttled}}",
        "changeemail-nochange": "Error message shown on [[Special:ChangeEmail]] 
if the old email address was entered in the new email address field.",
+       "notificationemail_subject_changed": "Subject of the email sent on the 
previously registered email address notifying them about the change in the 
registered email address.",
+       "notificationemail_subject_removed": "Subject of the email sent on the 
previously registered email address notifying them about the removal of the 
registered email address.",
+       "notificationemail_body_changed": "Body of the email sent on the 
previously registered email address notifying them about the change in the 
registered email address.",
+       "notificationemail_body_removed": "Body of the email sent on the 
previously registered email address notifying them about the removal of the 
registered email address.",
        "resettokens": "{{doc-special|ResetTokens}}\nIn this case \"token\" may 
be translated as \"key\", or similar.\n{{Identical|Reset token}}",
        "resettokens-summary": "{{ignored}}",
        "resettokens-text": "Text on [[Special:ResetTokens]].",
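Review bot: The documentation for the two body messages does not list their parameters, unlike the neighbouring "changeemail-throttled" entry, which has a "Parameters:" section. Translators need to know that $1 is the IP address, $2 the account name and, for "notificationemail_body_changed", $3 the new email address. A "See also" list with {{msg-mw|...}} links between the four new messages would follow the convention visible in the context lines. Wording: "sent on the previously registered email address" should be "sent to the previously registered email address" in all four entries.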

-- 
To view, visit https://gerrit.wikimedia.org/r/276563
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ib1ef76d7eb45ed0fa7ee0c2e7e39af21289367d2
Gerrit-PatchSet: 9
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Galorefitz <smritis.31...@gmail.com>
Gerrit-Reviewer: 01tonythomas <01tonytho...@gmail.com>
Gerrit-Reviewer: Galorefitz <smritis.31...@gmail.com>
Gerrit-Reviewer: Hoo man <h...@online.de>
Gerrit-Reviewer: Legoktm <legoktm.wikipe...@gmail.com>
Gerrit-Reviewer: Parent5446 <tylerro...@gmail.com>
Gerrit-Reviewer: Polybuildr <v.a.ghai...@gmail.com>
Gerrit-Reviewer: Reedy <re...@wikimedia.org>
Gerrit-Reviewer: Siebrand <siebr...@kitano.nl>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
