summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorReed Loden <reed@reedloden.com>2014-10-01 07:32:15 +0200
committerReed Loden <reed@reedloden.com>2014-10-01 07:32:15 +0200
commit8222ed65c30f308adc92f2da19e746cb7b22eba2 (patch)
treed33ccecf0ace25cc22d272f23afa9c1e635887ed
parentf5a7c7d2472f5a4940343785ab9619247f8895a5 (diff)
downloadbugzilla-8222ed65c30f308adc92f2da19e746cb7b22eba2.tar.gz
bugzilla-8222ed65c30f308adc92f2da19e746cb7b22eba2.tar.xz
Bug 1061247 - Successfully using a password change token should invalidate all other password change tokens for that user
r=gerv a=glob
-rwxr-xr-xtoken.cgi2
1 files changed, 2 insertions, 0 deletions
diff --git a/token.cgi b/token.cgi
index 13e54b695..ddfdc159b 100755
--- a/token.cgi
+++ b/token.cgi
@@ -180,6 +180,8 @@ sub changePassword {
$user->set_password($password);
$user->update();
delete_token($token);
+ $dbh->do(q{DELETE FROM tokens WHERE userid = ?
+ AND tokentype = 'password'}, undef, $user_id);
Bugzilla->logout_user_by_id($user_id);