Permalink
Browse files

BUG Fix the password reset message to be shown consistently.

If we detect any of the password reset GET params, it's safe to assume
that someone intended a password reset, regardless of other conditions.
  • Loading branch information...
1 parent 7cf8e65 commit 1a39f61598acb7fd2a2e5f49415e91609f720dc0 @mateusz mateusz committed Oct 24, 2013
Showing with 2 additions and 3 deletions.
  1. +2 −3 security/Security.php
View
5 security/Security.php
@@ -658,9 +658,8 @@ public function changepassword() {
'Form' => $this->ChangePasswordForm()));
} else {
- // show an error message if the auto login token is invalid and the
- // user is not logged in
- if(!isset($_REQUEST['t']) || !$member) {
+ // Show friendly message if it seems like the user arrived here via password reset feature.
+ if(isset($_REQUEST['m']) || isset($_REQUEST['t'])) {
$customisedController = $controller->customise(
array('Content' =>
_t(

0 comments on commit 1a39f61

Please sign in to comment.