[fix] removing injected security breach

Saurabh 2018-10-11 11:24:44 +05:30
parent 5732102f93
commit 2a7dd16031


@ -797,24 +797,17 @@ def sign_up(email, full_name, redirect_to):
return 2, _("Please ask your administrator to verify your sign-up")
@frappe.whitelist(allow_guest=True)
def reset_password(user, send_email=True):
def reset_password(user):
if user=="Administrator":
return 'not allowed'
if isinstance(send_email, unicode) or isinstance(send_email, basestring):
if send_email=='false':
send_email = False
try:
user = frappe.get_doc("User", user)
if not user.enabled:
return 'disabled'
user.validate_reset_password()
link = user.reset_password(send_email=send_email)
if not send_email:
return { "link": link }
user.reset_password(send_email=True)
return frappe.msgprint(_("Password reset instructions have been sent to your email"))