On 05/06/2013 09:44 AM, Thomas Delafosse wrote:
> Hi all,
>
> After discussing it with Vincent, it seems that it would be better to
> be able to access this method without PR: thus we could keep the code for
> changing the password in passwd.vm instead of having to make a new page
> with PR for that. To prevent malicious users from using it nonetheless, I propose
> that this method could only be used to check the current user's password, and
> only on its profile page.
> Does this seem OK to you, or do you think this should be done another way?

Why only on the user's profile page? The method could allow public check only for the current user, and PR check for any user.

-- 
Sergiu Dumitriu
http://purl.org/net/sergiu
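
The access rule discussed in this thread (public check only for the current user, programming rights for any other user), as an added sketch that is not part of the original messages and not XWiki's own code. The class, method and parameter names are hypothetical, the user store is constructed sample data, and refusing the guest user on the public path is an assumption the thread does not state.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

public class PasswordCheckPolicy {
    static final String GUEST = "XWiki.XWikiGuest";
    // Constructed sample store: user reference -> password digest.
    // Plain SHA-256 stands in for the wiki's real password hashing.
    private final Map<String, byte[]> digests = new HashMap<>();

    static byte[] digest(String password) {
        try {
            return MessageDigest.getInstance("SHA-256")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    void addUser(String user, String password) {
        digests.put(user, digest(password));
    }

    // currentUser: user of the request context (hypothetical parameter).
    // callerHasPR: whether the calling script's author has programming rights.
    boolean checkPassword(String currentUser, boolean callerHasPR,
                          String targetUser, String candidate) {
        boolean self = currentUser != null && !GUEST.equals(currentUser)
            && currentUser.equals(targetUser);
        if (!self && !callerHasPR) {
            throw new SecurityException("PR required to check another user's password");
        }
        byte[] stored = digests.get(targetUser);
        // Constant-time comparison; an unknown user simply fails the check.
        return stored != null && MessageDigest.isEqual(stored, digest(candidate));
    }

    public static void main(String[] args) {
        PasswordCheckPolicy policy = new PasswordCheckPolicy();
        policy.addUser("XWiki.Alice", "alice-pw");
        policy.addUser("XWiki.Bob", "bob-pw");
        System.out.println(policy.checkPassword("XWiki.Alice", false, "XWiki.Alice", "alice-pw"));
        System.out.println(policy.checkPassword("XWiki.Admin", true, "XWiki.Bob", "bob-pw"));
        try {
            policy.checkPassword("XWiki.Alice", false, "XWiki.Bob", "alice-pw");
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```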

