Ticket #1143 (open enhancement)
- Created: 2019-12-23 12:36:53
- Reported by: Visman
- Assigned to: None
- Milestone: None
- Component: security
- Priority: lowest
When recovering the password, the letter should be sent to the email from the database, and not to the email entered by the user.
Franz 2019-12-30 10:46:10
Hi, can you please explain what that would change? Unless I am missing something, we are [making an equality check in the query](https://github.com/fluxbb/fluxbb/blob/b … n.php#L142), so the value in the database would be exactly the same?
What's the "security" aspect here?
Visman 2019-12-30 13:00:07
This is rather a preventive ticket. Suddenly FluxBB will start to support Unicode email addresses. Therefore Priority == lowest.
Hacking GitHub with Unicode's dotless 'i': https://eng.getwisdom.io/hacking-github … dotless-i/
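
The difference the ticket is about, as an added example that is not part of the ticket or FluxBB's code: a lookup that treats two addresses as equal can still match an entered address that differs byte for byte from the stored one, so which of the two the reset mail goes to matters. The `ci_key()` comparison (Python's `str.upper()` standing in for a case-insensitive collation), the function names and the sample row are all assumptions made for illustration.

```python
# Added example: models a case-insensitive lookup with str.upper(); not FluxBB code.

# Constructed sample data standing in for the users table.
USERS = [{"id": 2, "username": "mike", "email": "mike@example.com"}]


def ci_key(address: str) -> str:
    """Stand-in for a collation that uppercases before comparing (assumption)."""
    return address.upper()


def find_user_by_email(entered: str):
    """Return the row whose stored email equals the entered one under ci_key()."""
    for row in USERS:
        if ci_key(row["email"]) == ci_key(entered):
            return row
    return None


def reset_recipient_entered(entered: str):
    """Pattern the ticket describes: mail goes to the address typed into the form."""
    return entered if find_user_by_email(entered) else None


def reset_recipient_stored(entered: str):
    """Pattern the ticket proposes: mail goes to the address held in the database."""
    row = find_user_by_email(entered)
    return row["email"] if row else None


# Constructed input: U+0131 (dotless i) uppercases to ASCII "I", so this address
# differs from the stored one byte for byte yet matches it under ci_key().
LOOKALIKE = "m\u0131ke@example.com"

if __name__ == "__main__":
    print("entered == stored:", LOOKALIKE == USERS[0]["email"])
    print("recipient (entered):", reset_recipient_entered(LOOKALIKE))
    print("recipient (stored): ", reset_recipient_stored(LOOKALIKE))
```

With an exact byte-wise equality check the two functions return the same address; they diverge only once the comparison is looser than the mail system's idea of identity.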