Skip to content
Snippets Groups Projects
Commit be0133b0 authored by JediKev's avatar JediKev
Browse files

oops: Prevent Account Takeover 

This addresses an issue where someone can “takeover” an account with only
a User’s email and a User’s previous ticket number. Once they get access
to a User’s ticket they can go to the Ticket Owner’s profile and change
the email to whatever they’d like. This adds a check on the profile to see
if the User is a Guest User. If they are a Guest then it kicks them back
to the ticket view. If they are the actual User it will let them view the
profile.
parent c4669d77
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 6 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment