MantisBT: master-2.3 cfbc5e54

Author Committer Branch Timestamp Parent
dregad dregad master-2.3 2017-04-10 08:17:14 master-2.3 757320b2
Affected Issues  0022690: CVE-2017-7615: Account verification page allows resetting any user's password

Verify account only if a request is in progress

The account verification page should only proceed and allow updating the
user's profile (including resetting their password) when there is an
active activation token.

Fixes 0022690

mod - verify.php Diff File