cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Prevent CSRF bypass with password reset form

Browse source
This commit is contained in:
Tom Hughes 2021-02-09 22:59:54 +00:00
parent c49e400aa3
commit 51af102c00
2 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/users_controller.rb
View file

@ -151,7 +151,7 @@ class UsersController < ApplicationController
def lost_password
@title = t "users.lost_password.title"
if params[:email]
if request.post?
user = User.visible.find_by(:email => params[:email])
if user.nil?