From f85333e98adff296700e01ece8843aaf94694257 Mon Sep 17 00:00:00 2001
From: Inverle <inverle@proton.me>
Date: Thu, 31 Jul 2025 09:24:37 +0200
Subject: Require current password when setting new password (#7763)

* Require current password when setting new password

* i18n: fr

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
---
 p/scripts/extra.js | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'p/scripts')

diff --git a/p/scripts/extra.js b/p/scripts/extra.js
index 41e79ec6a..c94d004ce 100644
--- a/p/scripts/extra.js
+++ b/p/scripts/extra.js
@@ -39,6 +39,19 @@ function init_crypto_form() {
 	}
 
 	crypto_form.onsubmit = function (e) {
+		let challenge = crypto_form.querySelector('#challenge');
+		if (!challenge) {
+			crypto_form.querySelectorAll('[data-challenge-if-not-empty] input[type="password"]').forEach(el => {
+				if (el.value !== '' && !challenge) {
+					crypto_form.insertAdjacentHTML('beforeend', '<input type="hidden" id="challenge" name="challenge" />');
+					challenge = crypto_form.querySelector('#challenge');
+				}
+			});
+			if (!challenge) {
+				return true;
+			}
+		}
+
 		e.preventDefault();
 
 		if (!submit_button) {
@@ -64,7 +77,7 @@ function init_crypto_form() {
 						const strong = window.Uint32Array && window.crypto && (typeof window.crypto.getRandomValues === 'function');
 						const s = bcrypt.hashSync(document.getElementById('passwordPlain').value, json.salt1);
 						const c = bcrypt.hashSync(json.nonce + s, strong ? bcrypt.genSaltSync(4) : poormanSalt());
-						document.getElementById('challenge').value = c;
+						challenge.value = c;
 						if (!s || !c) {
 							openNotification('Crypto error!', 'bad');
 						} else {
-- 
cgit v1.2.3