Implement strict validation to prevent unauthorized email status changes:

- Force status to Unverified when email address changes
- Only allow client to reset status to Unverified (via reset button)
- Block client from upgrading status (Unverified→Verified, etc.)
- All status upgrades must happen server-side via verification links

This prevents attackers from:

- Submitting new emails with fake "verified" status
- Bypassing email verification by modifying client requests
- Escalating email status without proper verification flow

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
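The validation rules listed in the commit message, as an added example that is not the project's own code: the `EmailRecord` type, the status names beyond Unverified/Verified, the token field and the function names are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional
import hmac

UNVERIFIED = "Unverified"
VERIFIED = "Verified"
# Assumed status ladder; the commit names only Unverified and Verified, but any
# extra intermediate levels would be ranked between them in this table.
STATUS_RANK = {UNVERIFIED: 0, VERIFIED: 1}


@dataclass(frozen=True)
class EmailRecord:
    address: str
    status: str
    verify_token: Optional[str] = None  # constructed: set when a verification link is issued


class StatusEscalation(ValueError):
    """Client asked for a status change that only the server may make."""


def apply_client_update(current: EmailRecord, new_address: str, requested_status: str) -> EmailRecord:
    """Validate a client-submitted profile update.

    The client may change the address (which forces Unverified, whatever status it
    sent) or reset the status to Unverified. Every other status change is rejected.
    """
    if requested_status not in STATUS_RANK:
        raise ValueError(f"unknown status {requested_status!r}")
    if new_address != current.address:
        # Address changed: ignore the client-supplied status and force Unverified.
        return EmailRecord(new_address, UNVERIFIED)
    if requested_status == current.status:
        return current  # no status change requested
    if requested_status == UNVERIFIED:
        # Reset button: a downgrade is always allowed; drop any pending token too.
        return replace(current, status=UNVERIFIED, verify_token=None)
    # Same address, different non-Unverified status: an upgrade attempt from the client.
    raise StatusEscalation(f"{current.status} -> {requested_status} requires a verification link")


def confirm_verification_link(current: EmailRecord, presented_token: str) -> EmailRecord:
    """Server-side upgrade path: only a matching verification token yields Verified."""
    if current.verify_token is None or not hmac.compare_digest(current.verify_token, presented_token):
        raise PermissionError("invalid or missing verification token")
    return EmailRecord(current.address, VERIFIED)
```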