Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Trigger error when resetting password for user with empty email

When password reset is handled through verification e-mails, the
administrator should not be able to reset the password if the user's
e-mail is blank as the user won't receive the verification URL.

Fixes #15893
  • Loading branch information...
commit c618719605913d696a569e413bf34c535fbdc18e 1 parent 82d0515
@dregad dregad authored
Showing with 5 additions and 0 deletions.
  1. +5 −0 core/user_api.php
View
5 core/user_api.php
@@ -1458,6 +1458,11 @@ function user_reset_password( $p_user_id, $p_send_email = true ) {
# and user_reset_password() )?
if(( ON == config_get( 'send_reset_password' ) ) && ( ON == config_get( 'enable_email_notification' ) ) ) {
+ $t_email = user_get_field( $p_user_id, 'email' );
+ if( is_blank( $t_email ) ) {
+ trigger_error( ERROR_LOST_PASSWORD_NO_EMAIL_SPECIFIED, ERROR );
+ }
+
# Create random password
$t_password = auth_generate_random_password();
$t_password2 = auth_process_plain_password( $t_password );
Please sign in to comment.
Something went wrong with that request. Please try again.