Merge pull request #10895 from creative-commoners/pulls/4.13/cve-2023-32302
[CVE-2023-32302] Require password field to be non-empty
This commit is contained in:
commit
0a1c46e69f
|
@ -731,7 +731,7 @@ class Member extends DataObject
|
|||
$password->setRequireExistingPassword(true);
|
||||
}
|
||||
|
||||
$password->setCanBeEmpty(true);
|
||||
$password->setCanBeEmpty(false);
|
||||
$this->extend('updateMemberPasswordField', $password);
|
||||
|
||||
return $password;
|
||||
|
|
Loading…
Reference in New Issue