dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Remove SessionManager, temporarily
[lhc/web/wiklou.git] / includes / specials / SpecialChangePassword.php
diff --git a/includes/specials/SpecialChangePassword.php b/includes/specials/SpecialChangePassword.php
index 3e5a936..8656798 100644 (file)
--- a/includes/specials/SpecialChangePassword.php
+++ b/includes/specials/SpecialChangePassword.php
@@ -111,10 +111,13 @@ class SpecialChangePassword extends FormSpecialPage {
                );
 
                if ( !$this->getUser()->isLoggedIn() ) {
+                       if ( !LoginForm::getLoginToken() ) {
+                               LoginForm::setLoginToken();
+                       }
                        $fields['LoginOnChangeToken'] = array(
                                'type' => 'hidden',
                                'label' => 'Change Password Token',
-                               'default' => LoginForm::getLoginToken()->toString(),
+                               'default' => LoginForm::getLoginToken(),
                        );
                }
 
@@ -176,7 +179,7 @@ class SpecialChangePassword extends FormSpecialPage {
                }
 
                if ( !$this->getUser()->isLoggedIn()
-                       && !LoginForm::getLoginToken()->match( $request->getVal( 'wpLoginOnChangeToken' ) )
+                       && $request->getVal( 'wpLoginOnChangeToken' ) !== LoginForm::getLoginToken()
                ) {
                        // Potential CSRF (bug 62497)
                        return false;
@@ -215,8 +218,8 @@ class SpecialChangePassword extends FormSpecialPage {
                        $this->getOutput()->returnToMain();
                } else {
                        $request = $this->getRequest();
-                       LoginForm::clearLoginToken();
-                       $token = LoginForm::getLoginToken()->toString();
+                       LoginForm::setLoginToken();
+                       $token = LoginForm::getLoginToken();
                        $data = array(
                                'action' => 'submitlogin',
                                'wpName' => $this->mUserName,
Wiklou, le Wiki du Wiklou