Bug 1061247 - Successfully using a password change token should invalidate all…

Bug 1061247 - Successfully using a password change token should invalidate all other password change tokens for that user r=gerv a=glob

Bug 1061247 - Successfully using a password change token should invalidate all…
eab0867f · Reed Loden · fa1698c5 · eab0867f
Commit eab0867f authored Sep 30, 2014 by Reed Loden
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

token.cgi token.cgi +2 -0

No files found.
--- a/token.cgi
+++ b/token.cgi
@@ -176,6 +176,8 @@ sub changePassword {
    $user->set_password($password);
    $user->update();
    delete_token($token);
+    $dbh->do(q{DELETE FROM tokens WHERE userid = ?
+               AND tokentype = 'password'}, undef, $user_id);

    Bugzilla->logout_user_by_id($user_id);