Skip to content

Commit

Permalink
Merge pull request #10895 from creative-commoners/pulls/4.13/cve-2023…
Browse files Browse the repository at this point in the history 
…-32302

[CVE-2023-32302] Require password field to be non-empty
  • Loading branch information
@GuySartorelli
GuySartorelli authored Jul 30, 2023
2 parents cb7be27 + 7b21b38 commit 0a1c46e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/Security/Member.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -731,7 +731,7 @@ public function getMemberPasswordField()
$password->setRequireExistingPassword(true);
}

$password->setCanBeEmpty(true);
$password->setCanBeEmpty(false);
$this->extend('updateMemberPasswordField', $password);

return $password;
Expand Down

0 comments on commit 0a1c46e

Please sign in to comment.