Currently, when a new user regsiters for a Drupal account the details are sent to the users supplied email address. This provides a basic mechanism that confirms the user is at that email address. However, once registered, users are permitted to change their email address without further confirming that the user is in fact at that email address.
- A user can change their email address to be that of an unsusspecting third party as no confirmation of change is required. Using a second Drupal account (with it's email address also faked using the same method) the first user is then able to send anonymous malicious messages to the unsusspecting third party
- A slow method for sending spam but exploitable none the less
Add a mechanism (similar to reset password) that:
- Sends an E-mail to the new address requiring the verification of the new address (similar to register confirmation).
- Sends a notification E-mal to the old address.
- Allow the site builder to customise both messages at
- Provides an update path to set the default behaviour and messages content.
- Write tests.
User interface changes
New UI additions to
New controller used for mail changing:
Data model changes
New schema for configs