- First commit to issue fork.
- last update
over 1 year ago 29,378 pass, 2 fail - @bramdriesen opened merge request.
- Status changed to Needs review
over 1 year ago 3:32pm 12 May 2023 - 🇧🇪Belgium BramDriesen Belgium 🇧🇪
Been thinking about this for a bit. I don't think this should be an opt-in feature like the patch in #2 is doing. I have checked a few other applications and CMS's systems (including Wordpress) and none of them (which I tested) pre-fill the username/email field if there is one.
This might break a few tests so those will need to be fixed as well.
- Status changed to Needs work
over 1 year ago 9:28pm 12 May 2023 - 🇺🇸United States smustgrave
Luckily only a failures :)
If I had to vote I would say the opt-in feature makes the most sense.
Though since it's only passing what was inputted in the username field, and not really validating the username, think the default should be to not include the username.
- 🇧🇪Belgium BramDriesen Belgium 🇧🇪
I'm still more fan of removal. Having a checkbox in Core that makes your site less secure seems a tad weird (it would also need a disclaimer then since it has security implications). We would also need to do config changes, provide an upgrade hook etc for this which in my eyes looks a bit overkill as well. It's "just" the password forgot redirect query parameter :-) it's not like we are really breaking or changing functionality. Besides pre-filling that form of course, but most people with browser autocomplete won't even notice this I think.
- last update
over 1 year ago 29,388 pass - Status changed to Needs review
over 1 year ago 8:54am 13 May 2023 - 🇺🇸United States smustgrave
Since I’ve never noticed this feature don’t see any issue removing. I don’t think it would be much of a lose
- Status changed to RTBC
over 1 year ago 3:25pm 13 May 2023 - last update
over 1 year ago 29,388 pass - last update
over 1 year ago 29,388 pass - last update
over 1 year ago 29,388 pass - last update
over 1 year ago 29,388 pass - Open on Drupal.org →Environment: PHP 8.1 & MySQL 5.7last update
over 1 year ago Waiting for branch to pass - last update
over 1 year ago 29,395 pass - last update
over 1 year ago 29,399 pass - last update
over 1 year ago 29,399 pass - last update
over 1 year ago 29,400 pass - last update
over 1 year ago 29,409 pass - last update
over 1 year ago 29,409 pass - last update
over 1 year ago 29,415 pass - last update
about 1 year ago 29,420 pass - last update
about 1 year ago 29,420 pass - last update
about 1 year ago 29,425 pass - last update
about 1 year ago 29,429 pass - last update
about 1 year ago 29,430 pass - last update
about 1 year ago 29,430 pass - last update
about 1 year ago 29,430 pass - last update
about 1 year ago 29,436 pass 37:24 33:38 Running- last update
about 1 year ago 29,441 pass - last update
about 1 year ago 29,442 pass - last update
about 1 year ago 29,443 pass - last update
about 1 year ago 29,443 pass - last update
about 1 year ago 29,443 pass - last update
about 1 year ago 29,439 pass - last update
about 1 year ago 29,439 pass - last update
about 1 year ago 29,443 pass - last update
about 1 year ago 29,444 pass - last update
about 1 year ago 29,446 pass - last update
about 1 year ago 29,446 pass - last update
about 1 year ago 29,446 pass -
larowlan →
committed 4b0e8708 on 11.x
Issue #2414187 by BramDriesen, cussack: User email disclosure in /user/...
-
larowlan →
committed 4b0e8708 on 11.x
- Status changed to Fixed
about 1 year ago 7:44am 20 July 2023 Automatically closed - issue fixed for 2 weeks with no activity.
