
Require users to input their password to change their email #1651

Closed
ToksT opened this issue May 21, 2013 · 3 comments

@ToksT
Contributor

ToksT commented May 21, 2013

Emails can be used for password resets.

If someone got access to your account via another vulnerability like #886, they wouldn't normally know your password, so they would only temporarily have access.

But if they could change your email, they could change your password via a reset, thus gaining permanent access. (Also opening up the ability to delete the account, since they now have the password.)

This could be avoided by requiring the password to be input when changing email.

@ghostrigger
Contributor

In case we want to step it up a bit further, maybe require the user to enter a password when accessing / changing Settings. This will protect both the delete and email user settings. Or, for the more paranoid type, another confirmation when deleting?

@MyrMindservant

In case we want to step it up a bit further, maybe require the user to enter a password when accessing / changing Settings. This will protect both the delete and email user settings.

This is overdoing it. I don't want to enter my password every time I change something there. Don't forget that blacklisted tags and frequently used tags are also at the settings page and they can be modified fairly frequently.

@ToksT
Contributor Author

ToksT commented May 21, 2013

I agree with @MyrMindservant. I'm not sure anyone who gains access to your account would have reason to change your other settings, but if they did it shouldn't have irreversible consequences. Email/password/deletion should be enough to ask for confirmation.
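The design the thread settles on, as an added example that is not part of the original issue or of the project's own code: re-authentication with the current password is demanded only for the email, password and account-deletion settings, while other settings (here, blacklisted tags) update freely. The function names, the PBKDF2 password hashing and the sample user are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Settings whose change can turn a hijacked session into permanent takeover:
# email drives password resets, deletion is irreversible. Everything else
# (e.g. blacklisted tags) stays freely editable, as the thread concluded.
REAUTH_REQUIRED = frozenset({"email", "password", "delete_account"})


class ReauthenticationRequired(Exception):
    """Sensitive change attempted without a valid current password."""

@dataclass
class User:
    email: str
    salt: bytes
    password_hash: bytes
    blacklisted_tags: str = ""
    deleted: bool = False

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for the application's real password hashing (assumed).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create_user(email: str, password: str) -> User:
    salt = os.urandom(16)
    return User(email=email, salt=salt, password_hash=hash_password(password, salt))

def verify_password(user: User, password: str) -> bool:
    # Constant-time comparison so the check itself does not leak timing information.
    return hmac.compare_digest(user.password_hash, hash_password(password, user.salt))

def update_settings(user: User, changes: dict, current_password: Optional[str] = None) -> User:
    """Apply settings changes; any key in REAUTH_REQUIRED needs the current password."""
    sensitive = REAUTH_REQUIRED.intersection(changes)
    if sensitive and (current_password is None or not verify_password(user, current_password)):
        raise ReauthenticationRequired(f"current password required to change {sorted(sensitive)}")
    if "blacklisted_tags" in changes:
        user.blacklisted_tags = changes["blacklisted_tags"]
    if "email" in changes:
        user.email = changes["email"]
    if "password" in changes:
        user.salt = os.urandom(16)
        user.password_hash = hash_password(changes["password"], user.salt)
    if changes.get("delete_account"):
        user.deleted = True
    return user
```

A stolen session cookie alone can still edit tags, but cannot redirect a password reset or delete the account, which is the property the issue asks for.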


3 participants