From 56342f21d27295e98327be4b49e54205b7a02e13 Mon Sep 17 00:00:00 2001
From: Daniel Friesel
Date: Mon, 18 Mar 2019 18:55:39 +0100
Subject: demand a valid password for account deletion
---
index.pl | 6 ++++++
1 file changed, 6 insertions(+)
(limited to 'index.pl')
diff --git a/index.pl b/index.pl
index 1af79a4..06318fa 100755
--- a/index.pl
+++ b/index.pl
@@ -1479,8 +1479,14 @@ post '/delete' => sub {
 $self->render( 'account', invalid => 'csrf' );
 return;
 }
+
 my $now = DateTime->now( time_zone => 'Europe/Berlin' )->epoch;
+
 if ( $self->param('action') eq 'delete' ) {
+ if (not $self->authenticate($self->current_user->{name}, $self->param('password'))) {
+ $self->render( 'account', invalid => 'password' );
+ return;
+ }
 $self->app->mark_for_deletion_query->execute( $now, $self->current_user->{id} );
 }
-- cgit v1.2.3
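Review bot: `$self->authenticate(...)` in the added `delete` branch looks, by its name, like the login helper rather than a pure password verifier; if it also writes session state on success, every confirmed deletion request silently re-issues the login, so a dedicated check against the stored hash would be the cleaner call here. `$self->param('password')` is passed through unchecked, so a request without the field hands `undef` to the helper; a guard such as `my $password = $self->param('password') // q{};` before the call makes that case deliberate. The failure path only renders `invalid => 'password'`, with no logging or attempt limit visible in the hunk, and this prompt is the control that is supposed to hold when a session has been taken over, so it is worth confirming that throttling of repeated wrong passwords exists elsewhere. The enclosing `post '/delete'` handler starts and ends outside the hunk.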