a3x/nyaa
1
0
Fork 0
mirror of https://gitlab.com/SIGBUS/nyaa.git synced 2024-12-22 19:49:59 +00:00
Code Issues Projects Releases Wiki Activity

Enforce password check on email change

Browse source 
Updated route handler to enforce current password check on all account details.
This commit is contained in:
UnKnoWn 2017-05-17 05:10:25 +08:00 committed by GitHub
parent eedc6c170d
commit 1fb249be35
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
nyaa/routes.py
View file

@ -403,6 +403,11 @@ def profile():
new_password = form.new_password.data new_password = form.new_password.data
if new_email: if new_email:
# enforce password check on email change too
if form.current_password.data != user.password_hash:
flask.flash(flask.Markup(
'<strong>Email change failed!</strong> Incorrect password.'), 'danger')
return flask.redirect('/profile')
user.email = form.email.data user.email = form.email.data
if new_password: if new_password: