1
0
Fork 0
mirror of https://gitlab.com/SIGBUS/nyaa.git synced 2024-12-22 14:10:00 +00:00

Enforce password check on email change

Updated route handler to enforce current password check on all account details.
This commit is contained in:
UnKnoWn 2017-05-17 05:10:25 +08:00 committed by GitHub
parent eedc6c170d
commit 1fb249be35

View file

@ -403,6 +403,11 @@ def profile():
new_password = form.new_password.data
if new_email:
# enforce password check on email change too
if form.current_password.data != user.password_hash:
flask.flash(flask.Markup(
'<strong>Email change failed!</strong> Incorrect password.'), 'danger')
return flask.redirect('/profile')
user.email = form.email.data
if new_password:
@ -624,4 +629,4 @@ def site_help():
@app.route('/api/upload', methods = ['POST'])
def api_upload():
api_response = api_handler.api_upload(flask.request)
return api_response
return api_response