MantisBT: master-1.3.x 14c61a8c

Author Committer Branch Timestamp Parent
dregad dregad master-1.3.x 2017-04-10 04:17 master-1.3.x 71fe6b56
Affected Issues  0022690: CVE-2017-7615: Account verification page allows resetting any user's password
Changeset

Verify account only if a request is in progress

The account verification page should only proceed and allow updating the
user's profile (including resetting their password) when there is an
active activation token.

Fixes 0022690

Backported from cfbc5e54af6c2e9fc9ca7b72fa7b31aa284625f1

mod - verify.php Diff File