From 372cea3a820e13357ecd6dd2c80e301e4a074ba1 Mon Sep 17 00:00:00 2001 From: joshuaruesweg Date: Thu, 18 Jun 2020 19:25:45 +0200 Subject: [PATCH] Add comment to clarify why we disable the user and unconfirm the email --- wcfsetup/install/files/lib/data/user/UserAction.class.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/wcfsetup/install/files/lib/data/user/UserAction.class.php b/wcfsetup/install/files/lib/data/user/UserAction.class.php index a0c4abf00d..794e8d965a 100644 --- a/wcfsetup/install/files/lib/data/user/UserAction.class.php +++ b/wcfsetup/install/files/lib/data/user/UserAction.class.php @@ -729,6 +729,10 @@ class UserAction extends AbstractDatabaseObjectAction implements IClipboardActio public function disable() { if (empty($this->objects)) $this->readObjects(); + // We reset the activationCode (which indicates, that the user is not enabled) AND disable the email + // confirm status, because if the user can enable himself by an email confirmation and we do not reset + // the email confirmed status, the behavior is undefined, because an user exists, which is not enabled + // but has a valid email address (Which doesn't usually happen). $action = new UserAction($this->objects, 'update', [ 'data' => [ 'activationCode' => UserRegistrationUtil::getActivationCode(), -- 2.20.1