[buddypress-trac] [BuddyPress Trac] #6049: Do not activate user accounts automatically with one click
buddypress-trac
noreply at wordpress.org
Tue Dec 12 02:26:15 UTC 2017
#6049: Do not activate user accounts automatically with one click
-------------------------------------+---------------------------
Reporter: vimes1984 | Owner: boonebgorges
Type: enhancement | Status: closed
Priority: normal | Milestone: 3.0
Component: Members | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch needs-testing |
-------------------------------------+---------------------------
Changes (by boonebgorges):
* owner: => boonebgorges
* status: reopened => closed
* resolution: => fixed
Comment:
In [changeset:"11766"]:
{{{
#!CommitTicketReference repository="" revision="11766"
Members: Require a form submission to activate an account.
Previously, simply loading a URL of the form `/activate/12345` would
activate
the account with key `12345`. This caused conflicts with some mail
scanning
services, which follow links in emails, causing accounts to be self-
activated.
A small backward-compatibility layer ensures that custom activate.php
templates containing forms with `action="get"` continue to work.
Fixes #6049.
}}}
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6049#comment:13>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list