Changeset - 1e079752b756
stable
Andrew Shadura - 11 years ago 2015-05-16 16:37:17
andrew@shadura.me
privacy: on password reset, don't tell strangers if email is valid or not

Password reset form might be used to check if users with specific email
addresses have accounts in the system by requesting their password to be
reset. It's probably not a good idea to give this sort of information to
complete strangers.
1 file changed with 1 insertions and 1 deletions:
kallithea/model/forms.py
 
@@ -202,7 +202,7 @@ def PasswordResetForm():
 
    class _PasswordResetForm(formencode.Schema):
 
        allow_extra_fields = True
 
        filter_extra_fields = True
 
        email = All(v.ValidSystemEmail(), v.Email(not_empty=True))
 
        email = v.Email(not_empty=True)
 
    return _PasswordResetForm
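Review bot: with `v.ValidSystemEmail()` dropped from the `email` field in `_PasswordResetForm`, an address that has no account now passes form validation, and nothing in this hunk shows what the code consuming the form does with it. If that caller looks the user up and raises, shows a different message, or returns noticeably faster when no user matches, the reset page still reveals which addresses are registered. Please confirm the handler gives the same response for known and unknown addresses, and consider a test that submits both and compares the results. A short comment above `email = v.Email(not_empty=True)` saying the existence check is omitted on purpose would also keep someone from restoring it later.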
 

	
 

	