Ensure only own addresses are updated (#10397)

diff --git a/models/user.go b/models/user.go
index d77a54b06983bc464a0f03be9b0e4032585e8fa1..5031849f90e2285ad44b935cebc0141d3781f920 100644 (file)
--- a/models/user.go
+++ b/models/user.go
@@ -1025,7 +1025,7 @@ func VerifyActiveEmailCode(code, email string) *EmailAddress {
                data := com.ToStr(user.ID) + email + user.LowerName + user.Passwd + user.Rands
 
                if base.VerifyTimeLimitCode(data, minutes, prefix) {
-                       emailAddress := &EmailAddress{Email: email}
+                       emailAddress := &EmailAddress{UID: user.ID, Email: email}
                        if has, _ := x.Get(emailAddress); has {
                                return emailAddress
                        }

diff --git a/models/user_mail.go b/models/user_mail.go
index d929ba5a5d892c7deed92714eed7647d30eab540..41f08c9db28a438858d7e6d83207e911bc56eac6 100644 (file)
--- a/models/user_mail.go
+++ b/models/user_mail.go
@@ -201,7 +201,7 @@ func MakeEmailPrimary(email *EmailAddress) error {
        }
 
        // Make sure the former primary email doesn't disappear.
-       formerPrimaryEmail := &EmailAddress{Email: user.Email}
+       formerPrimaryEmail := &EmailAddress{UID: user.ID, Email: user.Email}
        has, err = x.Get(formerPrimaryEmail)
        if err != nil {
                return err