From a7205073716ba3df1e94d813c86a884aa8eecdc7 Mon Sep 17 00:00:00 2001
From: JediKev <kevin@enhancesoft.com>
Date: Thu, 23 May 2019 11:06:36 -0500
Subject: [PATCH] issue: Account Registration Throws Errors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This addresses issue 4898 where a User that clicks the ticket link in an email alert to view the ticket, in that ticket view clicks the link to register for an account, fills out the registration form, and clicks Create will throw a an "Unable to register account. See messages below." error. When the Users get this error there are no messages below so they can't see anything to fix which prevents them from creating an account. This is due to the email field being disabled which means the value is not sent in POST so the system thinks the User sent no email address which throws a hidden "Email field required." error. We disabled the email field to prevent an attacker from accessing the user’s guest login and registering the user with a different email (possibly his own). This sets a POST value called 'email' to the client's email so that the registration process acknowledges and validates the email allowing registration to continue.
---
 account.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/account.php b/account.php
index 947a4c36f..07255c848 100644
--- a/account.php
+++ b/account.php
@@ -58,6 +58,7 @@ elseif ($_POST) {
 if ($thisclient) {
 $user_form->getField('email')->configure('disabled', true);
 $user_form->getField('email')->value = $thisclient->getEmail();
+ $_POST['email'] = $thisclient->getEmail();
 }
 if (!$user_form->isValid(function($f) { return !$f->isVisibleToUsers(); }))
-- GitLab
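Review bot: The added `$_POST['email'] = $thisclient->getEmail();` is the line that actually binds the registration to the logged-in guest's address, but nothing in the code says so. The `disabled` flag on the field only changes what a browser submits, so a hand-built request can still carry its own `email` value. I would put a comment above the assignment, for example `// Server-side override: discard any submitted email and register the session user's own address.`, so that a later cleanup does not remove it as redundant. The `elseif ($_POST)` block starts before the hunk and the registration call that consumes `$_POST` is after it. It is therefore worth confirming that no copy of the request taken before this assignment is used for the email, and that the path where `$thisclient` is unset still validates the submitted address. Writing into the superglobal also keeps this dependency implicit; if the registration code accepts an explicit data array (not visible here), passing a copy with `email` overridden would be easier to audit.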