summaryrefslogtreecommitdiffstats
path: root/web/html/register.php
diff options
context:
space:
mode:
authorLukas Fleischer <lfleischer@archlinux.org>2020-01-30 10:23:50 +0100
committerLukas Fleischer <lfleischer@archlinux.org>2020-01-30 10:31:26 +0100
commitdaee20c694000e1e85a98760773bcbbdc0709527 (patch)
tree939c7d7f57ffd3b2aab1dbe7a4e25f27d929cd9d /web/html/register.php
parenteeaa1c3a3220e3735445d094dc7d2cd9ac07b621 (diff)
downloadaur-daee20c694000e1e85a98760773bcbbdc0709527.tar.gz
aur-daee20c694000e1e85a98760773bcbbdc0709527.tar.xz
Require current password when setting a new one
Prevent from easily taking over an account by changing the password with a stolen session ID. Fixes FS#65325. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'web/html/register.php')
-rw-r--r--web/html/register.php2
1 files changed, 2 insertions, 0 deletions
diff --git a/web/html/register.php b/web/html/register.php
index a4264829..8174e342 100644
--- a/web/html/register.php
+++ b/web/html/register.php
@@ -26,6 +26,7 @@ if (in_request("Action") == "NewAccount") {
in_request("H"),
'',
'',
+ '',
in_request("R"),
in_request("L"),
in_request("TZ"),
@@ -54,6 +55,7 @@ if (in_request("Action") == "NewAccount") {
in_request("H"),
'',
'',
+ '',
in_request("R"),
in_request("L"),
in_request("TZ"),