change user not found message returned to prevent enumeration attack

Andres Campanario · Andres Campanario · commit 706ce20bc07a · 2025-01-08T10:06:16.000+01:00
diff --git a/src/Controller/Traits/PasswordManagementTrait.php b/src/Controller/Traits/PasswordManagementTrait.php
@@ -120,7 +120,7 @@ public function changePassword($id = null)
                     }
                 }
             } catch (UserNotFoundException $exception) {
-                $this->Flash->error(__d('cake_d_c/users', 'User was not found 1'));
+                $this->Flash->error(__d('cake_d_c/users', 'User was not found'));
             } catch (WrongPasswordException $wpe) {
                 $this->Flash->error($wpe->getMessage());
             } catch (Exception $exception) {

Original file line number	Diff line number	Diff line change
`@@ -120,7 +120,7 @@ public function changePassword($id = null)`
`120`	`120`	`}`
`121`	`121`	`}`
`122`	`122`	`} catch (UserNotFoundException $exception) {`
`123`		`- $this->Flash->error(__d('cake_d_c/users', 'User was not found 1'));`
	`123`	`+ $this->Flash->error(__d('cake_d_c/users', 'User was not found'));`
`124`	`124`	`} catch (WrongPasswordException $wpe) {`
`125`	`125`	`$this->Flash->error($wpe->getMessage());`
`126`	`126`	`} catch (Exception $exception) {`