mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-10 08:52:39 +01:00
Require login for "Must Verify Email" controller
Summary: Via HackerOne. This page fatals if accessed directly while logged out. The "shouldRequireLogin()" check is wrong; this is a logged-in page. Test Plan: Viewed the page while logged out, no more fatal. Faked my way through the actual verification flow. Reviewers: chad Reviewed By: chad Differential Revision: https://secure.phabricator.com/D16077
This commit is contained in:
parent
9469e3d6ac
commit
ffb50ef45d
1 changed files with 0 additions and 4 deletions
|
@ -3,10 +3,6 @@
|
|||
final class PhabricatorMustVerifyEmailController
|
||||
extends PhabricatorAuthController {
|
||||
|
||||
public function shouldRequireLogin() {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function shouldRequireEmailVerification() {
|
||||
// NOTE: We don't technically need this since PhabricatorController forces
|
||||
// us here in either case, but it's more consistent with intent.
|
||||
|
|
Loading…
Reference in a new issue