| author | 2025-09-15 22:17:14 +0200 | |
|---|---|---|
| committer | 2025-09-15 22:17:14 +0200 | |
| commit | ddb51c0e95074c6fbddade547ca267801177bb01 (patch) | |
| tree | b036f516b8c437f6cc83a1b4ed721b5cdc79688d /app/Controllers/userController.php | |
| parent | 38b7daedf70e38e5953e3d4b7bf6c764a1c9c4e0 (diff) | |
Fix another user self-delete regression (#7877)
Regression from #7763
Earlier regression which was fixed before #7626
In addition:
* get rid of `data-toggle` (refactor)
* show the invalid login message when an incorrect password is entered while deleting an account, instead of redirecting to 403
* remove unused reference to `r` parameter
* `forgetOpenCategories()` on login not on any crypto form
Diffstat (limited to 'app/Controllers/userController.php')
| -rw-r--r-- | app/Controllers/userController.php | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 1f4452523..e71c8aaa0 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -635,13 +635,16 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController { $username, FreshRSS_Context::userConf()->passwordHash, $nonce, $challenge ); + if (!$ok) { + Minz_Request::bad(_t('feedback.auth.login.invalid'), ['c' => 'user', 'a' => 'profile']); + return; + } } elseif (self::reauthRedirect()) { return; } - if ($ok) { - $ok &= self::deleteUser($username); - } + $ok &= self::deleteUser($username); + if ($ok && $self_deletion) { FreshRSS_Auth::removeAccess(); $redirect_url = ['c' => 'index', 'a' => 'index']; |
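Review bot: `self::deleteUser($username)` is now reached whenever control falls out of the `if ($self_deletion) … elseif` block, so the password gate on this destructive call rests entirely on the early `return` added inside the `$self_deletion` branch. `&=` does not short-circuit, so if `$ok` can already be false on the non-self-deletion path (its initialisation is outside this hunk, as is the start of the enclosing method), the account would still be deleted and only the reported result would be false. Keeping the guard costs one line and makes the invariant local: `$ok = $ok && self::deleteUser($username);`. That form also keeps `$ok` a bool rather than the int that `&=` produces, which matters if any later code compares it strictly.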
