There is a syntax error in on line 28.

In addition, the access permissions on email_verify page pose a real security/privacy risk since anyone with view access content permission (everyone) can view all other user email addresses. The path should be set to:


and the access arguments should be set to:

administer users

Attached is patch which fixes this (patched against 6.x-1.x-dev 2009-Mar-19).

email_verify-admin-users.patch954 bytesJohn Money


Thanks for the fixes.

I never documented the verify function, so the risk is smaller, but indeed it can easily be found in the code, so it's safer like this.

The patch is applied to the 6.x-1.x-dev branch.

Status:Needs review» Fixed

This is now fixed in 6.x-1.1

Assigned:Unassigned» dbr

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.