summaryrefslogtreecommitdiff
path: root/includes/specials/SpecialChangePassword.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/specials/SpecialChangePassword.php')
-rw-r--r--includes/specials/SpecialChangePassword.php16
1 files changed, 16 insertions, 0 deletions
diff --git a/includes/specials/SpecialChangePassword.php b/includes/specials/SpecialChangePassword.php
index c54b5575..a75e7e83 100644
--- a/includes/specials/SpecialChangePassword.php
+++ b/includes/specials/SpecialChangePassword.php
@@ -52,6 +52,11 @@ class SpecialChangePassword extends UnlistedSpecialPage {
$this->mDomain = $request->getVal( 'wpDomain' );
$user = $this->getUser();
+
+ if ( !$user->isLoggedIn() && !LoginForm::getLoginToken() ) {
+ LoginForm::setLoginToken();
+ }
+
if ( !$request->wasPosted() && !$user->isLoggedIn() ) {
$this->error( $this->msg( 'resetpass-no-info' )->text() );
@@ -81,6 +86,14 @@ class SpecialChangePassword extends UnlistedSpecialPage {
return;
}
+ if ( !$user->isLoggedIn()
+ && $request->getVal( 'wpLoginOnChangeToken' ) !== LoginForm::getLoginToken()
+ ) {
+ // Potential CSRF (bug 62497)
+ $this->error( $this->msg( 'sessionfailure' )->text() );
+ return false;
+ }
+
$this->attemptReset( $this->mNewpass, $this->mRetype );
if ( $user->isLoggedIn() ) {
@@ -157,6 +170,9 @@ class SpecialChangePassword extends UnlistedSpecialPage {
'wpName' => $this->mUserName,
'wpDomain' => $this->mDomain,
) + $this->getRequest()->getValues( 'returnto', 'returntoquery' );
+ if ( !$user->isLoggedIn() ) {
+ $hiddenFields['wpLoginOnChangeToken'] = LoginForm::getLoginToken();
+ }
$hiddenFieldsStr = '';
foreach ( $hiddenFields as $fieldname => $fieldvalue ) {
$hiddenFieldsStr .= Html::hidden( $fieldname, $fieldvalue ) . "\n";