It would be better if we change hook_form_alter() to hook_form_FORM_ID_alter(). This prevent the alter hook being invoked when not required.
/**
* Implements hook_form_alter().
*
* Checks for the user password reset form and changes the validate and submit
* functions. Uses the overrided functions defined in this module instead of
* Drupal cores.
*/
function username_enumeration_prevention_form_alter(&$form, &$form_state, $form_id) {
// Check to see if form is the reset password form.
if (strlen(strstr($form_id, 'user_pass')) > 0) {
// Override core validate and submit actions.
$form['#validate'][array_search('user_pass_validate', $form['#validate'])] = 'username_enumeration_prevention_pass_validate';
$form['#submit'][array_search('user_pass_submit', $form['#submit'])] = 'username_enumeration_prevention_pass_submit';
}
}
to
/**
* Implements hook_form_alter().
*
* Checks for the user password reset form and changes the validate and submit
* functions. Uses the overrided functions defined in this module instead of
* Drupal cores.
*/
function username_enumeration_prevention_form_alter(&$form, &$form_state, $form_id) {
// Override core validate and submit actions.
$form['#validate'][array_search('user_pass_validate', $form['#validate'])] = 'username_enumeration_prevention_pass_validate';
$form['#submit'][array_search('user_pass_submit', $form['#submit'])] = 'username_enumeration_prevention_pass_submit';
}
Comments
Comment #2
a_thakur commentedPlease find the patch which fixes the above issue.
Comment #3
a_thakur commentedComment #4
nicksanta commentedThanks, I'll test this out soon. I will also check if this patch resolves #2483899: Multiple reset emails too.
Comment #6
nicksanta commentedCommitted to 7.x-1.x branch - thanks for your contribution!
https://github.com/nicksantamaria/drupal-username_enumeration_prevention...
Comment #7
nicksanta commentedWork in progress for 8.x branch - waiting on tests being ported from 7.x
https://github.com/nicksantamaria/drupal-username_enumeration_prevention...
Comment #9
nicksanta commentedCommitted to 8.x-1.x branch - thanks for your contribution!
https://github.com/nicksantamaria/drupal-username_enumeration_prevention...
Comment #10
nicksanta commented