BUG Fix the password reset message to be shown consistently.

If we detect any of the password reset GET params, it's safe to assume that someone intended a password reset, regardless of other conditions.
silverstripe · Oct 24, 2013 · 1a39f61 · 1a39f61
1 parent 7cf8e65
commit 1a39f61
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/security/Security.php b/security/Security.php
@@ -658,9 +658,8 @@ public function changepassword() {
 				'Form' => $this->ChangePasswordForm()));
 
 		} else {
-			// show an error message if the auto login token is invalid and the
-			// user is not logged in
-			if(!isset($_REQUEST['t']) || !$member) {
+			// Show friendly message if it seems like the user arrived here via password reset feature.
+			if(isset($_REQUEST['m']) || isset($_REQUEST['t'])) {
 				$customisedController = $controller->customise(
 					array('Content' =>
 						_t(