From daee20c694000e1e85a98760773bcbbdc0709527 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer
Date: Thu, 30 Jan 2020 10:23:50 +0100
Subject: Require current password when setting a new one
Prevent from easily taking over an account by changing the password with
a stolen session ID.
Fixes FS#65325.
Signed-off-by: Lukas Fleischer
---
web/template/account_edit_form.php | 32 ++++++++++++++++++++------------
1 file changed, 20 insertions(+), 12 deletions(-)
(limited to 'web/template/account_edit_form.php')
diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php
index 5e84aa71..25e91853 100644
--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@@ -86,18 +86,6 @@
/>