Only force current password for sensible data

[eschiendorfer]

This is related to: https://github.com/thirtybees/thirtybees/pull/1582

[getdatakick]

This will not work properly without changes to core (1582), right? If this version was deployed on thirtybees 1.4.0, or older, it would not work. The input name has changed, and password validation would fail as well in most cases.

Maybe we should mention this in some readme file, or something like that.

Is there some sort of 'compatibility' tag in theme config.xml file? If not, maybe we should introduce it, to make it clear what minimal version of thirty bees is required?

[eschiendorfer]

Ok I see, that I still have to learn stuff about compatibility. After a long thought, I can confirm, that this would be an issue. We would submit 'passwd_confirmation' and the (old) IdentityControllerCore only knows only about 'confirmation'.

I don't know how we could fix that (also thinking, that updading theme but not core is an edge case). So I guess the compatibility tag would be nice. I have no idea if it's there. We have this lazy_load, webp stuff but never saw a core version specified. I a 'from" value in version (config.xml). But not so sure what variations actually are good for. And as I see, there is no real usage of 'from'.