Add RejectEverythingFormField if email MFA is already active

We must not allow submitting the form in this case, because we will trigger the
assertion otherwise.

diff --git a/wcfsetup/install/files/lib/system/user/multifactor/EmailMultifactorMethod.class.php b/wcfsetup/install/files/lib/system/user/multifactor/EmailMultifactorMethod.class.php
index 16250fdc8c22f233e56453768ae0d3d8e5d3104d..b00cf1a35f0223c484d6e6730116055efeb34375 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/multifactor/EmailMultifactorMethod.class.php
+++ b/wcfsetup/install/files/lib/system/user/multifactor/EmailMultifactorMethod.class.php
@@ -7,6 +7,7 @@ use wcf\system\email\SimpleEmail;
 use wcf\system\flood\FloodControl;
 use wcf\system\form\builder\container\FormContainer;
 use wcf\system\form\builder\field\ButtonFormField;
+use wcf\system\form\builder\field\RejectEverythingFormField;
 use wcf\system\form\builder\field\TextFormField;
 use wcf\system\form\builder\field\validation\FormFieldValidationError;
 use wcf\system\form\builder\field\validation\FormFieldValidator;
@@ -56,6 +57,7 @@ final class EmailMultifactorMethod implements IMultifactorMethod
                 ->appendChildren([
                     LanguageItemFormNode::create('enabled')
                         ->languageItem('wcf.user.security.multifactor.email.enabled.description'),
+                    RejectEverythingFormField::create(),
                 ]);
             $form->appendChild($statusContainer);
         } else {