13 May
2013
13 May
'13
5:42 p.m.
On 05/06/2013 09:44 AM, Thomas Delafosse wrote:
Hi all,
After discussing it with Vincent, it seems that it would be better to
be able to access this method without PR : thus we could keep the code for
changing the password in passwd.vm instead of having to make a new page
with PR for that. To avoid malicious users to use it nonetheless, I propose
that this method could only be used to check the current user password, and
only on its profile page.
Does this seems OK to you, or do you think this should be done another way ?
Why only on the user's profile page?
The method could allow public check only for the current user, and PR
check for any user.
--
Sergiu Dumitriu
http://purl.org/net/sergiu