Currently we have an account swiping problem. If someone gains access to a session, they can escalate that to exclusive full account control by changing the e-mail and using password reset. This process has no notifications (which should be in place) to warn the user that their account has been swiped.
(In reply to comment #7)
(In reply to comment #3)
Why would you want to disable that?
Because I don't like getting extra e-mails? Especially when it's about an action I initiated myself.
Because I don't like getting extra e-mails? Especially when it's about an
action I initiated myself.
I think you /would/ want that in case it wasn't you who initiated it. How often do you change your password? I don't think most people have ever changed their password. Much less doing so often enough to be annoying.
I would like to solve this bug. I believe solving this would require editing of execute() in Special:ChangePassword file to add a sendmail() function along with creation of some messages (in MessagesEN.php) which would form the body of the mail as parameters to sendmail(). This process would be somewhat similar to what has been implemented in PasswordReset. Kindly guide if this is the correct approach and I should go ahead with it.