View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0022746 | mantisbt | authentication | public | 2017-04-19 11:36 | 2017-04-30 14:48 |
Reporter | vboctor | Assigned To | vboctor | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 2.3.1 | ||||
Target Version | 2.3.2 | Fixed in Version | 2.3.2 | ||
Summary | 0022746: Lost password redirects to login page if email address is empty and anonymous access is disabled | ||||
Description | As part of evaluating whether the email address is valid or not, the code ends up redirecting the user to login page due to a call to get a user id while no user is authenticated. | ||||
Tags | No tags attached. | ||||
MantisBT: master-2.3 9c9297e2 2017-04-19 07:40 Details Diff |
Lost password email validation fix This was caused when: - anonymous authentication is OFF. - email address is left empty. This caused calling auth_get_current_user_id() when no user is authenticated which causes user to get redirected to login page and then get directed to lost password action page, which then complains that there is no valid form security token. The correct behavior is to prompt an error message that email address is invalid. Fixes 0022746 |
Affected Issues 0022746 |
|
mod - core/current_user_api.php | Diff File |