
Trigger error when resetting password for user with empty email

When password reset is handled through verification e-mails, the
administrator should not be able to reset the password if the user's
e-mail is blank as the user won't receive the verification URL.

Fixes #15893
1 parent 82d0515 commit c618719605913d696a569e413bf34c535fbdc18e @dregad dregad committed May 21, 2013
Showing with 5 additions and 0 deletions.
  1. +5 −0 core/user_api.php
5 core/user_api.php
@@ -1458,6 +1458,11 @@ function user_reset_password( $p_user_id, $p_send_email = true ) {
# and user_reset_password() )?
if(( ON == config_get( 'send_reset_password' ) ) && ( ON == config_get( 'enable_email_notification' ) ) ) {
+ $t_email = user_get_field( $p_user_id, 'email' );
+ if( is_blank( $t_email ) ) {
+ trigger_error( ERROR_LOST_PASSWORD_NO_EMAIL_SPECIFIED, ERROR );
+ }
+
# Create random password
$t_password = auth_generate_random_password();
$t_password2 = auth_process_plain_password( $t_password );
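
Review bot: the new blank-email check relies entirely on `trigger_error( ERROR_LOST_PASSWORD_NO_EMAIL_SPECIFIED, ERROR )` to stop execution; nothing after the `if( is_blank( $t_email ) )` block returns, so if the error handler ever hands control back, the function continues to `auth_generate_random_password()` and resets the password of a user who cannot receive the verification e-mail. An explicit `return false;` after the `trigger_error()` call would make the abort independent of how the handler is configured. The check also does not consult `$p_send_email`, so a caller passing `false` now gets the error as well; a short comment stating whether that is intended would help. Finally, the constant is named for the lost-password flow, so a comment noting that it is reused here for the administrator-initiated reset would save the next reader a lookup.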
