MantisBT: master-2.3 cfbc5e54

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master-2.3 2017-04-10 04:17 master-2.3 757320b2
Affected Issues  0022690: CVE-2017-7615: Account verification page allows resetting any user's password
Changeset

Verify account only if a request is in progress

The account verification page should only proceed and allow updating the
user's profile (including resetting their password) when there is an
active activation token.

Fixes 0022690
mod - verify.php Diff File