diff MoinMoin/action/newaccount.py @ 2888:78d96fd775ba

make newuser action check email using get_by_email_address. Reimar pointed out that it is possible to register another email address with different case, while get_by_email_address works case-insensitively, which could result in security problems when retrieving the password.
author Johannes Berg <johannes AT sipsolutions DOT net>
date Thu, 11 Oct 2007 11:27:10 +0200
parents f3e3ffa68a7f
children a310264ad186
--- a/MoinMoin/action/newaccount.py	Fri Oct 05 07:54:22 2007 -0700
+++ b/MoinMoin/action/newaccount.py	Thu Oct 11 11:27:10 2007 +0200
@@ -72,13 +72,8 @@
 
     # Email should be unique - see also MoinMoin/script/accounts/moin_usercheck.py
     if theuser.email and request.cfg.user_email_unique:
-        users = user.getUserList(request)
-        for uid in users:
-            if uid == theuser.id:
-                continue
-            thisuser = user.User(request, uid)
-            if thisuser.email == theuser.email and not thisuser.disabled:
-                return _("This email already belongs to somebody else.")
+        if user.get_by_email_address(request, theuser.email):
+            return _("This email already belongs to somebody else.")
 
     # save data
     theuser.save()
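Review bot: The new call `user.get_by_email_address(request, theuser.email)` drops the `not thisuser.disabled` condition that the removed loop applied, so whether a disabled account's address still blocks registration now depends on how that helper treats disabled users, which this hunk does not show. If the helper matches disabled accounts, that is a behaviour change that should be mentioned in the commit message. The check exists so that registration and password retrieval match addresses the same way, and I would record that beside it, e.g. `# Must use the same case-insensitive lookup as password recovery, otherwise two accounts can claim one mailbox.` The check and `theuser.save()` are also not atomic, so two concurrent registrations with the same address could both pass; the enclosing function starts and ends outside the hunk, so any locking may live there.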