authorFrancis Irving <francis@mysociety.org>2010-03-10 10:56:09 +0000
committerFrancis Irving <francis@mysociety.org>2010-03-10 10:56:09 +0000
commit26dd3062491a06001b43db46da6872d6d988c0d9 (patch)
treef057cba53c5a4ea7fc35831d684794ad6a5c3ed5 /app/controllers/user_controller.rb
parent6c0d1b008d932bba2e8d92862a5220df5e357919 (diff)
Note on privacy
Diffstat (limited to 'app/controllers/user_controller.rb')
-rw-r--r--app/controllers/user_controller.rb6
1 files changed, 6 insertions, 0 deletions
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 37cc0db99..77508e0c6 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -256,6 +256,9 @@ class UserController < ApplicationController
user_alreadyexists = User.find_user_by_email(@signchangeemail.new_email)
if user_alreadyexists
UserMailer.deliver_changeemail_already_used(@user.email, @signchangeemail.new_email)
+ # it is important this screen looks the same as the one below, so
+ # you can't change to someone's email in order to tell if they are
+ # registered with that email on the site
render :action => 'signchangeemail_confirm'
return
end
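Review bot: The comments added here and in the second hunk (before the other `render :action => 'signchangeemail_confirm'`) guard against account enumeration by convention only, because the identical response depends on two separate render calls staying in sync. Consider having the already-registered branch skip just the confirmation work and fall through to a single shared `render :action => 'signchangeemail_confirm'`, and add a functional test asserting that both cases return the same template and status. The comment could also say which address `deliver_changeemail_already_used` mails: the call passes `@user.email` first and the recipient is not visible here, and a notice delivered to the requester would reveal what the screen hides. The two branches also do different work before rendering, so response timing may still differ even when the pages match. The enclosing method starts and ends outside both hunks.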
@@ -271,6 +274,9 @@ class UserController < ApplicationController
url = confirm_url(:email_token => post_redirect.email_token)
UserMailer.deliver_changeemail_confirm(@user, @signchangeemail.new_email, url)
+ # it is important this screen looks the same as the one above, so
+ # you can't change to someone's email in order to tell if they are
+ # registered with that email on the site
render :action => 'signchangeemail_confirm'
return
end