From a905395d7fd7dce12a8f51b68aaeede0959480b6 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Thu, 6 Jun 2013 22:46:30 +0200
Subject: Bug 878035: Do not disclose whether a user account exists or not when
 a user clicks "forgot password" r=dkl a=LpSolit

---
 template/en/default/global/messages.html.tmpl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'template/en/default/global/messages.html.tmpl')

diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl
index 95b74f1df..885198668 100644
--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -571,7 +571,8 @@
 
   [% ELSIF message_tag == "password_change_request" %]
     [% title = "Request to Change Password" %]
-    A token for changing your password has been emailed to you.
+    A token for changing your password has been emailed to
+    <em>[% login_name FILTER html %]</em>.
     Follow the instructions in that email to change your password.
 
   [% ELSIF message_tag == "password_changed" %]
-- 
cgit v1.2.3-24-g4f1b