Last modified: 2009-07-03 13:14:30 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 18760 - Must check $wgEnableEmail before showing ANY email related preferences
Must check $wgEnableEmail before showing ANY email related preferences
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
User preferences (Other open bugs)
1.16.x
All All
: Normal major (vote)
: ---
Assigned To: Andrew Garrett
: easy, patch
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-05-11 05:05 UTC by Dan Jacobson
Modified: 2009-07-03 13:14 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
move $wgEnableEmail test to outermost, fixing the bug (5.94 KB, patch)
2009-05-20 02:04 UTC, Dan Jacobson
Details
Updated patch so applies to the rapidly changing code. Purposely not indented. Run a beautifier after applying. (760 bytes, patch)
2009-05-27 05:33 UTC, Dan Jacobson
Details

Description Dan Jacobson 2009-05-11 05:05:28 UTC
It is very important that you test $wgEnableEmail before showing the
user ANY email related preferences.

Or else we
* make the user think the wiki has features enabled but in fact they
are disabled.
* cause some users to type in personal information that we DO NOT want to
collect, and is only useful for disabled features.

Please read the definition of $wgEnableEmail in DefaultSettings.php.

The following quick workaround in Preferences.php merely shows you where the test should be. You still
will need to eliminate duplication within it, and of course test, which I haven't.

@@ -270,2 +270,3 @@
                ## Email stuff
+               global $wgEnableEmail; if($wgEnableEmail){#BEGIN QUICK FIX
 
@@ -372,2 +373,3 @@
                }
+               }#END QUICK FIX
        }
Comment 1 Dan Jacobson 2009-05-12 22:52:58 UTC
Why do you insist on collecting email addresses even though
$wgEnableEmail=false?

Wikis may be discussing sensitive topics or located in countries with
repressive governments. Collecting email addresses makes the wiki a
target for police, phishers, and could get the user fired, outed, or
even arrested.

Just check $wgEnableEmail before all other email functions, like you
do here:
specials/SpecialUserlogin.php:878: $template->set( 'useemail', $wgEnableEmail );
templates/Userlogin.php:82: ... if( $this->data['useemail'] && 
templates/Userlogin.php:172: <?php if( $this->data['useemail'] ) { ?>
(However note Bug #10158).
Comment 2 Happy-melon 2009-05-14 10:06:08 UTC
There is no "you".  MediaWiki is built by a collaboration of volunteers; you must already know this.  No one is "insisting" on anything, it's just that, in the 30 hours between your posts, no one has happened to look at this bug and think it interesting enough for them to spend time fixing. Certainly no one has thought it of such dire importance as to warrant a hackish "quick fix". If you think it *is* important enough to warrant attention, you are encouraged to develop, test, and present a patch yourself, which can be reviewed and applied.  

See also bug18549.
Comment 3 Dan Jacobson 2009-05-20 02:04:59 UTC
Created attachment 6138 [details]
move $wgEnableEmail test to outermost, fixing the bug
Comment 4 Dan Jacobson 2009-05-27 05:33:40 UTC
Created attachment 6161 [details]
Updated patch so applies to the rapidly changing code. Purposely not indented. Run a beautifier after applying.
Comment 5 Dan Jacobson 2009-06-02 00:09:37 UTC
One can also do array_push($wgHiddenPrefs,'emailaddress'); for now before the patch is applied.

Comment 6 Andrew Garrett 2009-07-03 13:14:30 UTC
Done with r52736.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links