From 2137f365677d836e3d3c55c81634d0f732fecdfe Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Mon, 6 Aug 2012 23:44:33 +0200
Subject: Bug 706271: CSRF vulnerability in token.cgi allows possible
 unauthorized password reset e-mail request r=reed a=LpSolit

---
 token.cgi | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'token.cgi')

diff --git a/token.cgi b/token.cgi
index fa262e76a..20870159a 100755
--- a/token.cgi
+++ b/token.cgi
@@ -108,6 +108,11 @@ if ( $action eq 'reqpw' ) {
         ThrowUserError("password_change_requests_not_allowed");
     }
 
+    # Check the hash token to make sure this user actually submitted
+    # the forgotten password form.
+    my $token = $cgi->param('token');
+    check_hash_token($token, ['reqpw']);
+
     validate_email_syntax($login_name)
         || ThrowUserError('illegal_email_address', {addr => $login_name});
 
-- 
cgit v1.2.3-24-g4f1b