Fixes #19758 -- disables e-mail leaking through the password reset form #754

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
3 participants
Contributor

zerok commented Feb 23, 2013

Ticket: #19758

PasswordResetForm's validation logic no longer checks if a provided email is registered in the system to prevent information leaking to attackers.

This patch includes updated unittests, docs and templates.

Owner

aaugustin commented Feb 23, 2013

Merged in 2f4a470, thanks!

@timgraham timgraham closed this Jun 14, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment