Last modified: 2009-07-03 13:14:30 UTC

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T20760, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 18760 - Must check $wgEnableEmail before showing ANY email related preferences
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Component: User preferences
Version: 1.16.x
Hardware: All All
Importance: Normal major
Target Milestone: ---
Assigned To: Andrew Garrett
Keywords: easy, patch
Reported: 2009-05-11 05:05 UTC by Dan Jacobson
Modified: 2009-07-03 13:14 UTC (History)

Attachments
move $wgEnableEmail test to outermost, fixing the bug (5.94 KB, patch)
2009-05-20 02:04 UTC, Dan Jacobson
Updated patch so applies to the rapidly changing code. Purposely not indented. Run a beautifier after applying. (760 bytes, patch)
2009-05-27 05:33 UTC, Dan Jacobson

Description Dan Jacobson 2009-05-11 05:05:28 UTC
It is very important that you test $wgEnableEmail before showing the
user ANY email related preferences.

Or else we
* make the user think the wiki has features enabled but in fact they
are disabled.
* cause some users to type in personal information that we DO NOT want to
collect, and is only useful for disabled features.

Please read the definition of $wgEnableEmail in DefaultSettings.php.

The following quick workaround in Preferences.php merely shows you where the test should be. You still
will need to eliminate duplication within it, and of course test, which I haven't.

@@ -270,2 +270,3 @@
                ## Email stuff
+               global $wgEnableEmail; if($wgEnableEmail){#BEGIN QUICK FIX
 
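Review bot: the guard added at new line 271 wraps the `## Email stuff` section, but nothing in the visible hunks touches the code that handles submitted values, so confirm that the save path also ignores an email address when $wgEnableEmail is false. Also put `global $wgEnableEmail;` with the function's other global declarations and give the `if` its own line instead of sharing one line with the `#BEGIN QUICK FIX` marker.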
@@ -372,2 +373,3 @@
                }
+               }#END QUICK FIX
        }
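Review bot: the closing `}#END QUICK FIX` at new line 374 pairs with an opener about a hundred lines earlier (new line 271), and since only these two lines are added, the code in between keeps its old indentation and the pairing is carried by the marker comments alone. Re-indent the wrapped block, or move the email section into its own function that returns early when $wgEnableEmail is false.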
Comment 1 Dan Jacobson 2009-05-12 22:52:58 UTC
Why do you insist on collecting email addresses even though
$wgEnableEmail=false?

Wikis may be discussing sensitive topics or located in countries with
repressive governments. Collecting email addresses makes the wiki a
target for police, phishers, and could get the user fired, outed, or
even arrested.

Just check $wgEnableEmail before all other email functions, like you
do here:
specials/SpecialUserlogin.php:878: $template->set( 'useemail', $wgEnableEmail );
templates/Userlogin.php:82: ... if( $this->data['useemail'] && 
templates/Userlogin.php:172: <?php if( $this->data['useemail'] ) { ?>
(However note Bug #10158).
Comment 2 Happy-melon 2009-05-14 10:06:08 UTC
There is no "you".  MediaWiki is built by a collaboration of volunteers; you must already know this.  No one is "insisting" on anything, it's just that, in the 30 hours between your posts, no one has happened to look at this bug and think it interesting enough for them to spend time fixing. Certainly no one has thought it of such dire importance as to warrant a hackish "quick fix". If you think it *is* important enough to warrant attention, you are encouraged to develop, test, and present a patch yourself, which can be reviewed and applied.  

See also bug 18549.
Comment 3 Dan Jacobson 2009-05-20 02:04:59 UTC
Created attachment 6138
move $wgEnableEmail test to outermost, fixing the bug
Comment 4 Dan Jacobson 2009-05-27 05:33:40 UTC
Created attachment 6161
Updated patch so applies to the rapidly changing code. Purposely not indented. Run a beautifier after applying.
Comment 5 Dan Jacobson 2009-06-02 00:09:37 UTC
One can also do array_push($wgHiddenPrefs,'emailaddress'); for now before the patch is applied.

Comment 6 Andrew Garrett 2009-07-03 13:14:30 UTC
Done with r52736.
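
The two approaches discussed in this report (one outer test on $wgEnableEmail, and per-field hiding as in comment 5) can be compared in a small stand-alone sketch. This is an added example, not MediaWiki's Preferences.php and not the code from r52736; the function names and every field name except 'emailaddress' are hypothetical.

```php
<?php
// Added example, not MediaWiki code. Function names and every field name
// except 'emailaddress' are hypothetical.

const ALL_FIELDS = [
    'nickname'     => ['section' => 'personal'],
    'emailaddress' => ['section' => 'email'],   // name taken from comment 5
    'email_notify' => ['section' => 'email'],   // constructed
    'skin'         => ['section' => 'rendering'],
];

/** Fields the form may offer, given the wiki's configuration. */
function offeredFields(bool $enableEmail, array $hiddenPrefs): array {
    $fields = [];
    foreach (ALL_FIELDS as $name => $info) {
        if ($info['section'] === 'email' && !$enableEmail) {
            continue; // one outer test covers the whole email section
        }
        if (in_array($name, $hiddenPrefs, true)) {
            continue; // per-field hiding, modelled on the comment 5 workaround
        }
        $fields[] = $name;
    }
    return $fields;
}

/** Keep only submitted values for fields that were actually offered. */
function acceptSubmission(array $posted, bool $enableEmail, array $hiddenPrefs): array {
    $allowed = array_flip(offeredFields($enableEmail, $hiddenPrefs));
    return array_intersect_key($posted, $allowed);
}

// Constructed sample submission.
$posted = ['nickname' => 'dj', 'emailaddress' => 'user@example.org', 'skin' => 'monobook'];

// Email disabled: the address is neither offered nor stored.
var_dump(offeredFields(false, []));
var_dump(acceptSubmission($posted, false, []));

// Email enabled but only 'emailaddress' hidden: 'email_notify' is still offered.
var_dump(offeredFields(true, ['emailaddress']));
```

Filtering the submission against the same list that drives the form means a value posted for a field that was never shown is dropped instead of being stored.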
