0036509: Account Update does not use UserUpdateCommand

ID	Project	Category	View Status	Date Submitted	Last Update
0036509	mantisbt	code cleanup	public	2025-10-19 05:03	2026-02-07 03:03

Reporter	dregad	Assigned To	vboctor
Priority	normal	Severity	minor	Reproducibility	always
Status	resolved	Resolution	fixed
Product Version	2.26.0
Target Version	2.29.0	Fixed in Version	2.29.0

Summary	0036509: Account Update does not use UserUpdateCommand
Description	When UserUpdateCommand was implemented in 0032464, account_update.php was not adapted to use the new command.
Tags	No tags attached.

MantisBT: master 2f9f8bbc 2026-02-05 23:16 vboctor Details Diff	Update `account_update.php` to use `UserUpdateCommand` Fixes 0036509	Affected Issues 0036509
	mod - account_update.php	Diff File
MantisBT: master f6c92d91 2026-02-06 15:38 vboctor Details Diff	Add tests for allow_blank_email Tests that the `allow_blank_email` config is respected when clearing a user's email via the REST API: admin is always allowed, non-admin is rejected when `OFF` and allowed when `ON`. Fixes 0036509	Affected Issues 0036509
	mod - tests/rest/RestUserTest.php	Diff File
MantisBT: master b7d37e2a 2026-02-06 22:46 vboctor Details Diff	Use ?? operator in UserUpdateCommand Fixes 0036509	Affected Issues 0036509
	mod - core/commands/UserUpdateCommand.php	Diff File

related to	0032464	closed	vboctor	Implement UserUpdateCommand
related to	0036005	closed	dregad	CVE-2025-55155: Lack of verification when changing a user's email address

vboctor 2026-02-05 23:19 manager ~0070766	PR: https://github.com/mantisbt/mantisbt/pull/2179