This might not be a bug, but it ís a security issue. If any user forgets to log
out, and somebody else comes acros the chage settings page, he or she could
easily enter a new password and mail address, thereby completely hijacking the
I think it's important to ask users to enter their password to change those
settings, even if they're logged in.
Updated: 2009-09-30 20:07
severity_id: 12 => 3
Updated: 2009-09-04 04:37
version_id: -1 => 28070
resolution_id: => 5
CMS made simple is Free software under the GNU/GPL licence.
Website designed by Steve Sicherman