From 6a28b5135400ea3889e0348c22eba2b33712c88d Mon Sep 17 00:00:00 2001
From: PCoder
Date: Sat, 23 Feb 2019 18:45:53 +0100
Subject: [PATCH] Fix bug: check the posted username also with logged in user's username
---
 dal/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dal/views.py b/dal/views.py
index d8443df..26f82f9 100644
--- a/dal/views.py
+++ b/dal/views.py
@@ -333,7 +333,7 @@ class ResetRequest(View):
 # get the hidden value of user
 user = request.POST.get("user")
 # some checks over the supplied data
- if user == "" or not user:
+ if user == "" or not user or user != self.request.user.username:
 return render(request, 'error.html', { 'service': service, 'error': 'Something went wrong. Did you use the supplied form?' } )
 if password1 == "" or not password1 or password2 == "" or not password2:
 return render(request, 'error.html', { 'service': service, 'error': 'Please supply a password and confirm it.' } )
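Review bot: The account being acted on is still named by the client-controlled hidden field `user`; the new condition only compares it with the session afterwards. It would be safer to take the identity from the session itself, for example `user = request.user.username` after rejecting unauthenticated requests, so that no later code can act on a posted name. The method continues outside the hunk, so whether `user` is used further down, and whether the view requires login, cannot be confirmed from here. A mismatch means the form was altered, so it deserves a log entry with the session username and source address rather than only the generic error page. Two style points on the changed line: `user == ""` is already covered by `not user`, and `self.request` should be `request` to match the surrounding lines, giving `if not user or user != request.user.username:`.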