From e712284e6dacc85677da480ff0be03c524d85d9a Mon Sep 17 00:00:00 2001
From: Marian Sigler <m@qjym.de>
Date: Mon, 1 Oct 2012 01:37:41 +0200
Subject: settings: require old password to change password (only therefore)

---
 app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app.py')

diff --git a/app.py b/app.py
index 367ec0f..2754b96 100644
--- a/app.py
+++ b/app.py
@@ -216,7 +216,7 @@ def settings():
                 changed = True
 
             if form.password.data:
-                g.user.change_password(form.password.data, decrypt_password(session['password']))
+                g.user.change_password(form.password.data, form.old_password.data)
                 session['password'] = encrypt_password(form.password.data)
 
                 flash(u'Passwort geändert', 'success')
-- 
cgit v1.2.3-1-g7c22