From a5eb016fc4b8f83f65b7c57cdcddb36de44b5404 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Tue, 3 Jan 2023 15:30:26 +0100
Subject: [PATCH] fix: [security] disallow multiple individuals with the same
 e-mail address
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- As reported by Matúš Mikuláš, Adam Gajdošík, Milan Pikula of SK-CERT
---
 src/Model/Table/IndividualsTable.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/Model/Table/IndividualsTable.php b/src/Model/Table/IndividualsTable.php
index 04f80fb..95828ff 100644
--- a/src/Model/Table/IndividualsTable.php
+++ b/src/Model/Table/IndividualsTable.php
@@ -6,6 +6,8 @@ use App\Model\Table\AppTable;
 use Cake\ORM\Table;
 use Cake\Validation\Validator;
 use Cake\ORM\Query;
+use Cake\ORM\RulesChecker;
+use Cake\Core\Configure;
 
 
 class IndividualsTable extends AppTable
@@ -46,6 +48,12 @@ class IndividualsTable extends AppTable
         $this->setDisplayField('email');
     }
 
+    public function buildRules(RulesChecker $rules): RulesChecker
+    {
+        $rules->add($rules->isUnique(['email']));
+        return $rules;
+    }
+
     public function validationDefault(Validator $validator): Validator
     {
         $validator