Prevent admins from sending themselves their own password
|Assignee:||Jean-Philippe Lang||% Done:|
|Category:||Accounts / authentication|
As an admin, when setting one's own password via
Users#edit instead of via the "proper form" at
My#password, there should not be an option to send the password in plaintext to oneself.
IMO, the "send account information" option is made for cases where a new login/password need to be transmitted to another user after they have been set by the admin. When setting one's own password (even as admin), there should be no reason (or possibility) to send it via email.
The attached patch solves this issue.
Prevent admins from sending themselves their own password (#21436).
Patch by Jan Schulz-Hofen.