No email verification required when we change email from settings
Unknown
Vulnerability Details
Hey, this is Ahsan Tahir!
Issue:
---------
When we try to sign up with an email, it asks us to click an email validation link which is sent to our email, then we have to log in. Without clicking that link, we cannot log in, but when we change email from the user settings page/edit settings page, it doesn't ask us for validation.
Impact:
----------
For example, a user creates an account with his email ([email protected]) and verifies it using the link which has been sent to his email, as he/she has access to [email protected], but next he goes to settings and in the email change mechanism, he can put any email like ([email protected]) and no verification is required, and the user can log in with that email and access his account with the email [email protected], and do some abusive or not good activities and the company will be blamed!
Steps To Reproduce:-
-------------------------
1. Go to sign up form.
2. Enter Any Email.
3. Create account
* The Account will be activated with any email verification!
How to fix?
-------------------
Email verification/validation should be required when a user changes email from the user settings page.
I hope you'll fix it soon. :-)
Thanks,
Ahsan Tahir
Report Stats
- Report ID: 147182
- State: Closed
- Substate: resolved
- Upvotes: 12