diff options
| author | Lukas Fleischer <lfleischer@archlinux.org> | 2020-01-30 10:23:50 +0100 |
|---|---|---|
| committer | Lukas Fleischer <lfleischer@archlinux.org> | 2020-01-30 10:31:26 +0100 |
| commit | daee20c694000e1e85a98760773bcbbdc0709527 (patch) | |
| tree | 939c7d7f57ffd3b2aab1dbe7a4e25f27d929cd9d /web/html/register.php | |
| parent | eeaa1c3a3220e3735445d094dc7d2cd9ac07b621 (diff) | |
| download | aur-daee20c694000e1e85a98760773bcbbdc0709527.tar.gz aur-daee20c694000e1e85a98760773bcbbdc0709527.tar.xz | |
Require current password when setting a new one
Prevent from easily taking over an account by changing the password with
a stolen session ID.
Fixes FS#65325.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'web/html/register.php')
| -rw-r--r-- | web/html/register.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/web/html/register.php b/web/html/register.php index a4264829..8174e342 100644 --- a/web/html/register.php +++ b/web/html/register.php @@ -26,6 +26,7 @@ if (in_request("Action") == "NewAccount") { in_request("H"), '', '', + '', in_request("R"), in_request("L"), in_request("TZ"), @@ -54,6 +55,7 @@ if (in_request("Action") == "NewAccount") { in_request("H"), '', '', + '', in_request("R"), in_request("L"), in_request("TZ"), |