1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-22 14:52:41 +01:00

Require login for "Must Verify Email" controller

Summary:
Via HackerOne. This page fatals if accessed directly while logged out.

The "shouldRequireLogin()" check is wrong; this is a logged-in page.

Test Plan:
Viewed the page while logged out, no more fatal.

Faked my way through the actual verification flow.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16077
This commit is contained in:
epriestley 2016-06-07 16:30:15 -07:00
parent 9469e3d6ac
commit ffb50ef45d

View file

@ -3,10 +3,6 @@
final class PhabricatorMustVerifyEmailController
extends PhabricatorAuthController {
public function shouldRequireLogin() {
return false;
}
public function shouldRequireEmailVerification() {
// NOTE: We don't technically need this since PhabricatorController forces
// us here in either case, but it's more consistent with intent.