Require current password when setting a new one
Prevent from easily taking over an account by changing the password with
a stolen session ID.
Fixes FS#65325.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Showing
- web/html/account.php 1 addition, 0 deletionsweb/html/account.php
- web/html/register.php 2 additions, 0 deletionsweb/html/register.php
- web/lib/acctfuncs.inc.php 13 additions, 2 deletionsweb/lib/acctfuncs.inc.php
- web/template/account_edit_form.php 20 additions, 12 deletionsweb/template/account_edit_form.php
Loading
Please register or sign in to comment