Fix #5462 - attempt to change email without login

Require an active login when accessing the form to change an email
address associated with an account. This prevents a server crash when
a user is assumed to be part of the request.

diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 521359f5bcce303540fda3adce4e286f47829092..b15fb2e796bbdb455698384379da37d4ae4442f1 100644 (file)
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -443,6 +443,7 @@ def verify_email(request):
         user=user.username)
 
 
+@require_active_login
 def change_email(request):
     """ View to change the user's email """
     form = forms.ChangeEmailForm(request.form)