mirror of https://github.com/zulip/zulip.git
7b795b6338
create_preregistration_user is a footgun, because it takes the realm from the request. The calling code is supposed to validate that registration for the realm is allowed first, but can sometimes do that on "realm" taken from something other than the request - and later on calls create_preregistration_user, thus leading to prereg user creation on unvalidated request.realm. It's safer, and makes more sense, for this function to take the intended realm as argument, instead of taking the entire request. It follows that the same should be done for prepare_activation_url.
__init__.py
cache.py
camo.py
dev_login.py
email_log.py
integrations.py
registration.py