verifyEmailChange : Validate user_id (#1058)

shleeable · web-flow · commit 2b3f00318f17 · 2026-06-10T00:08:12.000-06:00
* Update EmailChangeController.php

* Update EmailChangeController.php
diff --git a/app/Http/Controllers/EmailChangeController.php b/app/Http/Controllers/EmailChangeController.php
@@ -132,6 +132,12 @@ public function verifyEmailChange(Request $request)
             'user_id' => 'required|integer|min:1|max:9999999999',
             'token' => 'required|string',
         ]);
+
+        $user = $request->user();
+        if ($request->input('user_id') != $user->id) {
+            return $this->error('Invalid user_id value, please try again', 422);
+        }
+
         $id = $request->input('user_id');
         $token = $request->input('token');
 
