MantisBT: master-2.27 e4ffb379

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master-2.27 2025-10-19 11:00 master-2.27 28946439
Affected Issues  0036005: CVE-2025-55155: Lack of verification when changing a user's email address
Changeset

Handle email change in UserUpdateCommand

The update_user() method now triggers the email validation process via
TOKEN_ACCOUNT_CHANGE_EMAIL when it is changed by the user, replicating
the behavior in account_page.php.

This ensures consistent behavior between REST API and GUI.

Fixes 0036005
mod - core/commands/UserUpdateCommand.php Diff File