Fixed PasswordChange service can ignore errors

X

Xon

Well-known member
Affected version
2.0.10
PasswordChange::isValid assumes that the only error that XF\Entity\UserAuth can return is against the 'password' field. Except UserAuth is a fully entity which can in theory return a large number of potential errors.

PHP: 
public function isValid(&$error)
{
   $this->userAuth->preSave();

   $errors = $this->userAuth->getErrors();
   if (empty($errors['password']))
   {
      return true;
   }
   else
   {
      $error = $errors['password'];
      return false;
   }
}
 
Thank you for reporting this issue. The issue is now resolved and we are aiming to include that in a future XF release (2.0.12).

Change log:
Ensure PasswordChange service errors on any UserAuth error.
Click to expand...
Any changes made as a result of this issue being resolved may not be rolled out here until later.
 

Similar threads

X
Fixed Can't follow users who are in an email bounced state, but can ignore them
Replies
1
Views
639
XF Bug Bot
XF Bug Bot
W
  • Question Question
XF 1.4 Users can ignore administrative/moderator usergroups
Replies
12
Views
3K
Stuart Wright
Stuart Wright
Anthony Parsons
  • Suggestion Suggestion
Lack of interest 1.1 Beta - Super Admin Can Ignore Users
Replies
7
Views
836
Jeremy
Jeremy
Back
Top Bottom