diff options
| author | Reed Loden <reed@reedloden.com> | 2012-08-31 07:48:17 +0200 |
|---|---|---|
| committer | Reed Loden <reed@reedloden.com> | 2012-08-31 07:48:17 +0200 |
| commit | a456ec46452abaaaa5369c02886c7d5b03e592f3 (patch) | |
| tree | 52e153ff5cf239589e5664b02c1ee1a794e82354 /token.cgi | |
| parent | cc747ce58fb842897b45a67af40e178879cf384d (diff) | |
| parent | 8714b6e62007c8de816a0b7f4e053e25c6de31c8 (diff) | |
| download | bugzilla-a456ec46452abaaaa5369c02886c7d5b03e592f3.tar.gz bugzilla-a456ec46452abaaaa5369c02886c7d5b03e592f3.tar.xz | |
Merge from bugzilla/4.2
Diffstat (limited to 'token.cgi')
| -rwxr-xr-x | token.cgi | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -108,6 +108,11 @@ if ( $action eq 'reqpw' ) { ThrowUserError("password_change_requests_not_allowed"); } + # Check the hash token to make sure this user actually submitted + # the forgotten password form. + my $token = $cgi->param('token'); + check_hash_token($token, ['reqpw']); + validate_email_syntax($login_name) || ThrowUserError('illegal_email_address', {addr => $login_name}); |