diff options
| author | Lukas Fleischer <lfleischer@archlinux.org> | 2020-01-30 10:23:50 +0100 |
|---|---|---|
| committer | Lukas Fleischer <lfleischer@archlinux.org> | 2020-01-30 10:31:26 +0100 |
| commit | daee20c694000e1e85a98760773bcbbdc0709527 (patch) | |
| tree | 939c7d7f57ffd3b2aab1dbe7a4e25f27d929cd9d /web/html/account.php | |
| parent | eeaa1c3a3220e3735445d094dc7d2cd9ac07b621 (diff) | |
| download | aur-daee20c694000e1e85a98760773bcbbdc0709527.tar.gz aur-daee20c694000e1e85a98760773bcbbdc0709527.tar.xz | |
Require current password when setting a new one
Prevent from easily taking over an account by changing the password with
a stolen session ID.
Fixes FS#65325.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'web/html/account.php')
| -rw-r--r-- | web/html/account.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/web/html/account.php b/web/html/account.php index 1d59e9c9..7c6c424a 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -34,6 +34,7 @@ if ($action == "UpdateAccount") { in_request("S"), in_request("E"), in_request("H"), + in_request("PO"), in_request("P"), in_request("C"), in_request("R"), |