From c6d6a6388317f79b5ee342db36fa1105ceaef4f1 Mon Sep 17 00:00:00 2001 From: Chad Whitacre Date: Thu, 15 Jun 2017 10:28:40 -0400 Subject: [PATCH] Explain show_address_in_message --- www/~/%username/emails/modify.json.spt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/www/~/%username/emails/modify.json.spt b/www/~/%username/emails/modify.json.spt index dff3c86915..da38b70824 100644 --- a/www/~/%username/emails/modify.json.spt +++ b/www/~/%username/emails/modify.json.spt @@ -48,8 +48,15 @@ if action in ('add-email', 'resend', 'start-verification'): participant.start_email_verification(address, *packages) if show_address_in_message: + + # When reverifying an already-verified email (package claiming is a + # special case of this), then don't worry about content spoofing, + msg = _("Check {email_address} for a verification link.", email_address=address) else: + + # ... but otherwise, do: https://hackerone.com/reports/117187. + msg = _("Check your inbox for a verification link.") elif action == 'set-primary': participant.set_primary_email(address)
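Review bot: The comment added under `if show_address_in_message:` says not to worry about content spoofing but never states why echoing `address` is safe on that path, and the sentence is split across the `if` and `else` branches with a dangling comma, so neither half reads on its own. A single comment above the `if` would carry the reasoning in one place, for example `# Echo the address only when it is already verified; otherwise the submitted value would be reflected in the response (content spoofing, https://hackerone.com/reports/117187).` That wording assumes `show_address_in_message` is true only for already-verified addresses; the flag is assigned outside this hunk, so confirm it there and note the invariant next to the assignment. A short summary of the report beside the link also keeps the comment useful if the URL stops resolving.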