Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Require email verification when changing email address. #13533
At the moment every Matomo user could change their E-Mail address to everything they want without any verification (apart from syntax, see #11796). This allows every Matomo user to send an unlimited amount of (for them) SPAM E-Mails to anyone without them ever opting in to receiving them.
When someone tries to change their email address (after confirming their password; #2932) the change should only be saved if the user was able to confirm an link in a sent mail.