Mercurial > kallithea
changeset 5171:1e079752b756 stable
privacy: on password reset, don't tell strangers if email is valid or not
Password reset form might be used to check if users with specific email
addresses have accounts in the system by requesting their password to be
reset. It's probably not a good idea to give this sort of information to
complete strangers.
author | Andrew Shadura <andrew@shadura.me> |
---|---|
date | Sat, 16 May 2015 16:37:17 +0200 |
parents | 3e1afbd6055f |
children | 5260517c2802 |
files | kallithea/model/forms.py |
diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/model/forms.py Tue Jun 09 10:38:25 2015 +0200 +++ b/kallithea/model/forms.py Sat May 16 16:37:17 2015 +0200 @@ -202,7 +202,7 @@ class _PasswordResetForm(formencode.Schema): allow_extra_fields = True filter_extra_fields = True - email = All(v.ValidSystemEmail(), v.Email(not_empty=True)) + email = v.Email(not_empty=True) return _PasswordResetForm