IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: always allow staff to resend activation mails

Browse Source
This commit is contained in:
Sam
2017-03-13 10:32:24 -04:00
parent 1a745ca16a
commit a690121805
2 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/users_controller.rb
View File

@@ -571,7 +571,7 @@ class UsersController < ApplicationController
raise Discourse::NotFound unless @user
if (current_user && !current_user.staff?) ||
if !current_user&.staff? &&
@user.id != session[SessionController::ACTIVATE_USER_KEY]
raise Discourse::InvalidAccess