diff options
| author | Andrew Browning <ayleph@thisshitistemp.com> | 2016-07-19 00:16:48 -0400 |
|---|---|---|
| committer | Andrew Browning <ayleph@thisshitistemp.com> | 2016-07-19 00:16:48 -0400 |
| commit | c49e5162ca8e357be38018d045554ccb38f99b10 (patch) | |
| tree | 69e29e165686b6f6011120d057e07d630e8e78b2 /mediagoblin/edit/views.py | |
| parent | da686c199815137cf9c2b6ce1d1e8c00b82ea680 (diff) | |
| download | mediagoblin-c49e5162ca8e357be38018d045554ccb38f99b10.tar.lz mediagoblin-c49e5162ca8e357be38018d045554ccb38f99b10.tar.xz mediagoblin-c49e5162ca8e357be38018d045554ccb38f99b10.zip | |
Fix #5462 - attempt to change email without login
Require an active login when accessing the form to change an email
address associated with an account. This prevents a server crash when
a user is assumed to be part of the request.
Diffstat (limited to 'mediagoblin/edit/views.py')
| -rw-r--r-- | mediagoblin/edit/views.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 521359f5..b15fb2e7 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -443,6 +443,7 @@ def verify_email(request): user=user.username) +@require_active_login def change_email(request): """ View to change the user's email """ form = forms.ChangeEmailForm(request.form) |