MantisBT: master-2.27 0d04eed6

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master-2.27 2025-08-10 13:14 master-2.27 09840507
Affected Issues  0036005: CVE-2025-55155: Lack of verification when changing a user's email address
Changeset

Remove pending email if admin updates it

If a user account has e pending TOKEN_ACCOUNT_CHANGE_EMAIL and an admin
updates that user's email address, it effectively invalidates the
earlier email change so we delete the token in this case.

Issue 0036005
mod - core/commands/UserUpdateCommand.php Diff File