From 8222ed65c30f308adc92f2da19e746cb7b22eba2 Mon Sep 17 00:00:00 2001
From: Reed Loden <reed@reedloden.com>
Date: Tue, 30 Sep 2014 22:32:15 -0700
Subject: Bug 1061247 - Successfully using a password change token should
 invalidate all other password change tokens for that user r=gerv a=glob

---
 token.cgi | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'token.cgi')

diff --git a/token.cgi b/token.cgi
index 13e54b695..ddfdc159b 100755
--- a/token.cgi
+++ b/token.cgi
@@ -180,6 +180,8 @@ sub changePassword {
     $user->set_password($password);
     $user->update();
     delete_token($token);
+    $dbh->do(q{DELETE FROM tokens WHERE userid = ?
+               AND tokentype = 'password'}, undef, $user_id);
 
     Bugzilla->logout_user_by_id($user_id);
 
-- 
cgit v1.2.3-24-g4f1b