mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-26 16:52:41 +01:00
Require login for "Must Verify Email" controller
Summary: Via HackerOne. This page fatals if accessed directly while logged out. The "shouldRequireLogin()" check is wrong; this is a logged-in page. Test Plan: Viewed the page while logged out, no more fatal. Faked my way through the actual verification flow. Reviewers: chad Reviewed By: chad Differential Revision: https://secure.phabricator.com/D16077
This commit is contained in:
parent
9469e3d6ac
commit
ffb50ef45d
1 changed files with 0 additions and 4 deletions
|
@ -3,10 +3,6 @@
|
||||||
final class PhabricatorMustVerifyEmailController
|
final class PhabricatorMustVerifyEmailController
|
||||||
extends PhabricatorAuthController {
|
extends PhabricatorAuthController {
|
||||||
|
|
||||||
public function shouldRequireLogin() {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function shouldRequireEmailVerification() {
|
public function shouldRequireEmailVerification() {
|
||||||
// NOTE: We don't technically need this since PhabricatorController forces
|
// NOTE: We don't technically need this since PhabricatorController forces
|
||||||
// us here in either case, but it's more consistent with intent.
|
// us here in either case, but it's more consistent with intent.
|
||||||
|
|
Loading…
Reference in a new issue