Via HackerOne. This page fatals if accessed directly while logged out.
The "shouldRequireLogin()" check is wrong; this is a logged-in page.
Differential D16077
Require login for "Must Verify Email" controller epriestley on Jun 7 2016, 11:35 PM. Authored by Tags None Referenced Files
Subscribers None
Details
Via HackerOne. This page fatals if accessed directly while logged out. The "shouldRequireLogin()" check is wrong; this is a logged-in page. Viewed the page while logged out, no more fatal. Faked my way through the actual verification flow.
Diff Detail
|