password reset request displays email address
... even when the member's email is hidden in his account, so everyone can type in a username in the request form and see the email address
another thought to increase security is not to display the username in the support email ('hello username,') but to ask for the username in the pwd reset form?!
This discussion has been closed.
Comments
I figured out how to get rid of it: in the English definitions, line 109, remove the //1 and it removes the email so you don't see it
Perhaps we need a delegate here so that, if one wanted, we could parse out the mailbox name of the address and just return the domain... Or just do that by default in the core?
class UserManagerPatchRequestPasswordReset extends UserManager {...
And got this error message:
PHP Fatal error: Class 'UserManager' not found in /home/dinoboff/public_html/extensions/PatchRequestPassword/default.php
Any idea?
Download http://lussumo.com/addons/?PostBackAction=AddOn&Success=1&AddOnID=142,
install it in the extensions folder,
and enable the extension.
NB: It only works with Vanilla 1.0. If you are using Vanilla 1.0.1 from the svn, you will have to wait for Mark's next update.
Also, if you need to translate the extension you just need to add "$Context->Dictionary['PatchRequestPasswordResetYourMail'] = 'your email';" in conf/language.php
something like /var/log/error.log or /var/log/httpd/error.log or /var/log/apache/error.log
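The suggestion made in the comments above, to drop the mailbox name and return only the domain of the address, sketched as an added PHP example that is not part of the original thread or of Vanilla's code. The function names, the `$showDomain` switch and the sample addresses are hypothetical.

```php
<?php
// Added illustration: these functions are hypothetical, not Vanilla's API.

/**
 * Reduce an address to its domain for display ("***@example.org").
 * Anything that does not parse cleanly becomes "***", so a malformed
 * stored value is never echoed back to whoever typed in the username.
 */
function mask_email_for_display(string $email): string
{
    $email = trim($email);
    // Split on the LAST '@': a quoted local part may itself contain '@'.
    $at = strrpos($email, '@');
    if ($at === false || $at === 0 || $at === strlen($email) - 1) {
        return '***';
    }
    $domain = strtolower(substr($email, $at + 1));
    // Allow plain hostname characters only; this also keeps markup out of the page.
    if (!preg_match('/^[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?\z/', $domain)) {
        return '***';
    }
    return '***@' . $domain;
}

/**
 * Build the text shown after a reset request. With $showDomain false the
 * message carries no part of the address at all.
 */
function reset_confirmation_message(string $storedEmail, bool $showDomain): string
{
    $masked = $showDomain ? mask_email_for_display($storedEmail) : '***';
    if ($masked === '***') {
        return 'A password reset link has been sent to the address on file.';
    }
    return 'A password reset link has been sent to '
        . htmlspecialchars($masked, ENT_QUOTES, 'UTF-8') . '.';
}

// Constructed sample addresses, not taken from the thread.
$samples = ['alice@example.org', '"odd@local"@Example.ORG', 'no-at-sign', 'bob@<script>'];
foreach ($samples as $address) {
    echo reset_confirmation_message($address, true), PHP_EOL;
}
echo reset_confirmation_message('alice@example.org', false), PHP_EOL;
```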