
Must check $wgEnableEmail before showing ANY email related preferences
Closed, ResolvedPublic

Description

It is very important that you test $wgEnableEmail before showing the
user ANY email related preferences.

Or else we

  • make the user think the wiki has features enabled but in fact they are disabled.
  • cause some users to type in personal information that we DO NOT want to collect, and is only useful for disabled features.

Please read the definition of $wgEnableEmail in DefaultSettings.php.

The following quick workaround in Preferences.php merely shows you where the test should be. You still
will need to eliminate duplication within it, and of course test, which I haven't.

@@ -270,2 +270,3 @@

  1. Email stuff

+ global $wgEnableEmail; if($wgEnableEmail){#BEGIN QUICK FIX
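
Review bot: the added line under the "Email stuff" comment puts the `global $wgEnableEmail;` declaration, the `if($wgEnableEmail){` and the `#BEGIN QUICK FIX` marker on a single line, and the block it opens is only closed about a hundred lines later in the second hunk, so the wrapped code is left unindented. Put the declaration and the `if` on separate lines, re-indent the body, and remove the duplicated checks inside the range that the description says still need eliminating.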

@@ -372,2 +373,3 @@

}

+ }#END QUICK FIX

}
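
Review bot: the added `}#END QUICK FIX` sits between two bare `}` context lines, so nothing in this hunk shows which block it closes or that it pairs with the `if($wgEnableEmail){` opened at line 270. Indent it to match the opening line and replace the marker with a comment naming the condition, for example `} // $wgEnableEmail`; the description also states the change has not been tested, so the brace pairing should be confirmed before applying.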

Version: 1.16.x
Severity: major

Details

Reference
bz18760

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 10:36 PM
bzimport set Reference to bz18760.

Why do you insist on collecting email addresses even though
$wgEnableEmail=false?

Wikis may be discussing sensitive topics or located in countries with
repressive governments. Collecting email addresses makes the wiki a
target for police, phishers, and could get the user fired, outed, or
even arrested.

Just check $wgEnableEmail before all other email functions, like you
do here:
specials/SpecialUserlogin.php:878: $template->set( 'useemail', $wgEnableEmail );
templates/Userlogin.php:82: ... if( $this->data['useemail'] &&
templates/Userlogin.php:172: <?php if( $this->data['useemail'] ) { ?>
(However note Bug #10158).

happy.melon.wiki wrote:

There is no "you". MediaWiki is built by a collaboration of volunteers; you must already know this. No one is "insisting" on anything, it's just that, in the 30 hours between your posts, no one has happened to look at this bug and think it interesting enough for them to spend time fixing. Certainly no one has thought it of such dire importance as to warrant a hackish "quick fix". If you think it *is* important enough to warrant attention, you are encouraged to develop, test, and present a patch yourself, which can be reviewed and applied.

See also bug18549.

Created attachment 6138
move $wgEnableEmail test to outermost, fixing the bug

attachment wgEnableEmailOuter.diff ignored as obsolete

Created attachment 6161
Updated patch so it applies to the rapidly changing code. Purposely not indented. Run a beautifier after applying.


One can also do array_push($wgHiddenPrefs,'emailaddress'); for now before the patch is applied.
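
The check requested in this task, as an added example that is not MediaWiki's code and not part of any comment above: one outer test of `$wgEnableEmail` decides whether any email-related field is offered, and the save step drops values for fields that were never offered, so an address is not collected even if one is submitted. Apart from `$wgEnableEmail`, `$wgHiddenPrefs` and `'emailaddress'`, every function and field name here is hypothetical, and the data is constructed.

```php
<?php
// Added example, not MediaWiki code. Names other than $wgEnableEmail,
// $wgHiddenPrefs and 'emailaddress' are hypothetical.

const EMAIL_FIELDS = ['emailaddress', 'ccme', 'enotif']; // constructed names

/** Return the preference fields to render for the current configuration. */
function visiblePreferences(array $allFields, bool $enableEmail, array $hiddenPrefs): array {
    $visible = [];
    foreach ($allFields as $name => $definition) {
        // Single outer test: with email disabled, no email field is shown.
        if (!$enableEmail && in_array($name, EMAIL_FIELDS, true)) {
            continue;
        }
        // Fields the administrator has hidden explicitly are skipped too.
        if (in_array($name, $hiddenPrefs, true)) {
            continue;
        }
        $visible[$name] = $definition;
    }
    return $visible;
}

/** Keep only submitted values for fields that were actually offered. */
function acceptSubmission(array $submitted, array $visible): array {
    return array_intersect_key($submitted, $visible);
}

// Constructed sample configuration and input.
$wgEnableEmail = false;
$wgHiddenPrefs = [];
$allFields = [
    'language'     => ['type' => 'select'],
    'emailaddress' => ['type' => 'text'],
    'ccme'         => ['type' => 'check'],
    'enotif'       => ['type' => 'check'],
];
$submitted = ['language' => 'en', 'emailaddress' => 'user@example.org'];

$visible = visiblePreferences($allFields, $wgEnableEmail, $wgHiddenPrefs);
$stored  = acceptSubmission($submitted, $visible);

echo implode(',', array_keys($visible)), "\n"; // fields that would be rendered
echo json_encode($stored), "\n";               // values that would be saved
```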