Do not allow blank password on account verification

Fixes #20816
mantisbt · May 14, 2016 · 01affc8 · 01affc8
1 parent 8fadfb2
commit 01affc8
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/account_update.php b/account_update.php
@@ -88,6 +88,12 @@
 $t_password_updated = false;
 $t_realname_updated = false;
 
+# Do not allow blank passwords in account verification/reset
+if( $t_account_verification && is_blank( $f_password ) ) {
+	error_parameters( lang_get( 'password' ) );
+	trigger_error( ERROR_EMPTY_FIELD, ERROR );
+}
+
 $t_ldap = ( LDAP == config_get( 'login_method' ) );
 
 # Update email (but only if LDAP isn't being used)