1 files changed, 5 insertions, 0 deletions

diff --git a/token.cgi b/token.cgi
index fa262e76a..20870159a 100755
--- a/token.cgi
+++ b/token.cgi
@@ -108,6 +108,11 @@ if ( $action eq 'reqpw' ) {
         ThrowUserError("password_change_requests_not_allowed");
     }
 
+    # Check the hash token to make sure this user actually submitted
+    # the forgotten password form.
+    my $token = $cgi->param('token');
+    check_hash_token($token, ['reqpw']);
+
     validate_email_syntax($login_name)
         || ThrowUserError('illegal_email_address', {addr => $login_name});