block channel removal for 48 hours after changing the account password, since the password is required to remove a channel. Somebody looking at an open session on somebody else's computer can simply change the password and then proceed to maliciously remove the channel. This change gives the owner 2 days to discover that something is wrong and recover his/her password and potentially save their channel from getting erased by the vandal. This is most likely to happen if a relationship has gone bad, or something incriminating was found in your private messages when you left your computer briefly unattended.
This commit is contained in:
friendica
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
|
||||
define( 'UPDATE_VERSION' , 1118 );
|
||||
define( 'UPDATE_VERSION' , 1119 );
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -1314,3 +1314,12 @@ DROP INDEX `channel_a_bookmark` , ADD INDEX `channel_w_like` ( `channel_w_like`
|
||||
|
||||
}
|
||||
|
||||
function update_r1118() {
|
||||
$r = q("ALTER TABLE `account` ADD `account_password_changed` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
|
||||
ADD INDEX ( `account_password_changed` )");
|
||||
if($r)
|
||||
return UPDATE_SUCCESS;
|
||||
return UPDATE_FAILED;
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user