diff options
| author | blizzz <blizzz@arthur-schiwon.de> | 2020-05-27 11:18:58 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-27 11:18:58 +0300 |
| commit | c7c7433f11f16d6b9160dc38c646a6b7f9df0fdf (patch) | |
| tree | c1be4db5f56245cd4e781d90860aaff12ec2574c /apps | |
| parent | fdb58f1852676eaa758a4d161dc6e08961043dac (diff) | |
| parent | 292d8c3d9c6c1d9055bbe0178418fa06c031e276 (diff) | |
Merge pull request #21115 from nextcloud/backport/21106/stable18
[stable18] use the loginname to verify the old password in user password changes
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/settings/lib/Controller/ChangePasswordController.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/apps/settings/lib/Controller/ChangePasswordController.php b/apps/settings/lib/Controller/ChangePasswordController.php index c374b3ff8bf..63238771de5 100644 --- a/apps/settings/lib/Controller/ChangePasswordController.php +++ b/apps/settings/lib/Controller/ChangePasswordController.php @@ -113,8 +113,9 @@ class ChangePasswordController extends Controller { * @BruteForceProtection(action=changePersonalPassword) */ public function changePersonalPassword(string $oldpassword = '', string $newpassword = null): JSONResponse { + $loginName = $this->userSession->getLoginName(); /** @var IUser $user */ - $user = $this->userManager->checkPassword($this->userId, $oldpassword); + $user = $this->userManager->checkPassword($loginName, $oldpassword); if ($user === false) { $response = new JSONResponse([ 'status' => 'error', |