From 8222ed65c30f308adc92f2da19e746cb7b22eba2 Mon Sep 17 00:00:00 2001 From: Reed Loden Date: Tue, 30 Sep 2014 22:32:15 -0700 Subject: Bug 1061247 - Successfully using a password change token should invalidate all other password change tokens for that user r=gerv a=glob --- token.cgi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/token.cgi b/token.cgi index 13e54b695..ddfdc159b 100755 --- a/token.cgi +++ b/token.cgi @@ -180,6 +180,8 @@ sub changePassword { $user->set_password($password); $user->update(); delete_token($token); + $dbh->do(q{DELETE FROM tokens WHERE userid = ? + AND tokentype = 'password'}, undef, $user_id); Bugzilla->logout_user_by_id($user_id); -- cgit v1.2.3-24-g4f1b