by thedanbob 874 days ago
This doesn't look like the actual fix but rather a follow-up refactor. I believe the fix is here: https://gitlab.com/gitlab-org/gitlab/-/commit/abe79e4ec43798...

    - recoverable.send_reset_password_instructions(to: email) if recoverable&.persisted?
    + recoverable.send_reset_password_instructions if recoverable&.persisted?
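Review bot: the definition of `send_reset_password_instructions` is not part of this hunk, so confirm that it no longer accepts a `to:` keyword at all. On the `+` line the caller stops passing `to: email`, but if the method still takes an optional recipient, another call site could hand it request-supplied input again. A spec asserting that the recipients are read from `recoverable` rather than from the `email` value would pin the behaviour down.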
3 comments

on GitHub, the fix would be adding a regex to ensure there was no list on the user-supplied email.
and making send_reset_password_instructions get the email addresses itself from the "recoverable" object.
Oh yeah, good pickup, thanks!