iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixes #2522 use privacy-preserving verification message

Browse Source 
Replace the explicit "An email has been sent with a verification code" message with a privacy-preserving wording: "If your account exists, a verification code has been sent to your email address." This avoids account enumeration. Updated language entries in en_UK and fr_FR, the server-side message in password.php, and the password reset template.
This commit is contained in:
Linty
2026-02-12 17:25:50 +01:00
parent 74edc39995
commit b26ca3e08a
4 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
password.php
View File

@@ -360,7 +360,7 @@ if (isset($_POST['submit']))
{
if (process_verification_code())
{
$page['infos'][] = l10n('An email has been sent with a verification code');
$page['infos'][] = l10n('If your account exists, a verification code has been sent to your email address.');
$page['action'] = 'lost_code';
}
}