Ticket #4604 (closed Bug: invalid)

Opened 11 years ago

Last modified 7 years ago

mailPassword is declared public

Reported by: Anonymous User Owned by:
Priority: minor Milestone: Past
Component: General Version:
Keywords: Cc:


The method mailPassword is declared public in CMFPlone/RegistrationTool.py and not protected (with permission MailForgottenPassword) as in CMFCore/RegistrationTool.py. This makes the permission MailForgottenPassword useless in Plone.

Change History

comment:1 Changed 11 years ago by shh

  • Status changed from new to closed
  • Resolution set to invalid

The permission is checked by code in the mailPassword method. See line 115 of RegistrationTool.py.

comment:2 Changed 11 years ago by Anonymous User

On Plone 2.0.5 ?

The line 115 is:

if not utils.validateSingleEmailAddress(member.getProperty('email')):

raise ValueError, 'The email address did not validate'

And I can have the mail sent even if the permission is removed from everyone.

Or maybe you are saying that it's corrected in Plone 2.1 ?

comment:3 Changed 7 years ago by hannosch

  • Component changed from Permissions to Infrastructure

comment:4 Changed 4 years ago by davisagli

  • Component changed from Infrastructure to General
Note: See TracTickets for help on using tickets.