From c49e5162ca8e357be38018d045554ccb38f99b10 Mon Sep 17 00:00:00 2001 From: Andrew Browning Date: Tue, 19 Jul 2016 00:16:48 -0400 Subject: [PATCH] Fix #5462 - attempt to change email without login Require an active login when accessing the form to change an email address associated with an account. This prevents a server crash when a user is assumed to be part of the request. --- mediagoblin/edit/views.py | 1 + 1 file changed, 1 insertion(+) diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 521359f5..b15fb2e7 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -443,6 +443,7 @@ def verify_email(request): user=user.username) +@require_active_login def change_email(request): """ View to change the user's email """ form = forms.ChangeEmailForm(request.form) -- 2.25.1