https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25947 --- Comment #18 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- (In reply to David Cook from comment #17)
(In reply to David Cook from comment #16)
We really shouldn't be doing this. It's best practice not to tell an unauthenticated user that an account has been locked due to failed login attempts. It leaks information about system settings and user accounts.
If we're going to do something insecure, we should wrap it in a system preference, default it to disabled, and have explanatory text on the system preference page saying it's an insecure setting.
I thin this is a misunderstanding. The patch is not about the message that the user sees, but about the message that staff will see. +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/patron_messages.inc The user receives a neutral message still. This is to help staff to see the reason why someone has been locked out. -- You are receiving this mail because: You are watching all bug changes.