Fixed an issue with siteadmin contact e-mails resetting passwords of non existing users

- a site admin could issue a password reset to a non-existing user
pull/217/head
iglocska 2013-07-25 14:45:34 +02:00
parent bd61f73bd2
commit 96170dae29
1 changed files with 7 additions and 0 deletions


@ -608,6 +608,13 @@ class UsersController extends AppController {
}
$message2 .= "\n\nBest Regards,\n" . Configure::read('CyDefSIG.org') . ' MISP support';
// Return an error message if the action is a password reset for a new user
if ($this->request->data['User']['recipient'] == 2 && $this->request->data['User']['action'] == '1') {
$this->Session->setFlash(__('Cannot reset the password of a user that doesn\'t exist.'));
$this->redirect(array('action' => 'email', 'admin' => true));
}
// Setting up the list of recipient(s) based on the setting and creating the final message for each user, including the password
// If the recipient is all users, and the action to create a password, create it and for each user and squeeze it between the main message and the signature
if ($this->request->data['User']['recipient'] == 0) {
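Review bot: The added guard only stops the password reset if `$this->redirect()` itself terminates the request, because nothing returns after it. If the redirect does not exit (for example when it is stubbed in a controller test), execution would fall through into the recipient and password handling that follows; `return $this->redirect(array('action' => 'email', 'admin' => true));` makes the stop explicit. The conditions also compare request data loosely against the bare values `2` and `'1'`, so a short comment such as `// recipient 2 = not-yet-existing user, action 1 = password reset` (meanings inferred from the commit message, to be confirmed) would make the check auditable. The enclosing controller method starts and ends outside this hunk, so whether other paths reach the reset code cannot be judged from here.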