),
);
+ if ( !$this->getUser()->isLoggedIn() ) {
+ if ( !LoginForm::getLoginToken() ) {
+ LoginForm::setLoginToken();
+ }
+ $fields['LoginOnChangeToken'] = array(
+ 'type' => 'hidden',
+ 'label' => 'Change Password Token',
+ 'default' => LoginForm::getLoginToken(),
+ );
+ }
+
$extraFields = array();
wfRunHooks( 'ChangePasswordForm', array( &$extraFields ) );
foreach ( $extraFields as $extra ) {
? 'resetpass-submit-loggedin'
: 'resetpass_submit'
);
- $form->addButton( 'wpCancel', $this->msg( 'resetpass-submit-cancel' )->text() );
+ $form->addButton( 'wpCancel', $this->msg( 'resetpass-submit-cancel' )->text() );
$form->setHeaderText( $this->msg( 'resetpass_text' )->parseAsBlock() );
if ( $this->mPreTextMessage instanceof Message ) {
$form->addPreText( $this->mPreTextMessage->parseAsBlock() );
return false;
}
+ if ( !$this->getUser()->isLoggedIn()
+ && $request->getVal( 'wpLoginOnChangeToken' ) !== LoginForm::getLoginToken()
+ ) {
+ // Potential CSRF (bug 62497)
+ return false;
+ }
+
+
if ( $request->getCheck( 'wpCancel' ) ) {
$titleObj = Title::newFromText( $request->getVal( 'returnto' ) );
if ( !$titleObj instanceof Title ) {
}
$query = $request->getVal( 'returntoquery' );
$this->getOutput()->redirect( $titleObj->getFullURL( $query ) );
+
return true;
}
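Review bot: The token check added at the `!$this->getUser()->isLoggedIn()` branch fails open if `LoginForm::getLoginToken()` can return an empty value when the session holds no token, since a submitted empty `wpLoginOnChangeToken` then compares equal under `!==`; I cannot see `getLoginToken()` here, so this needs confirming against its implementation. The guard should reject a missing session token explicitly before comparing, e.g. `$token = LoginForm::getLoginToken();` followed by `&& ( !$token || $request->getVal( 'wpLoginOnChangeToken' ) !== $token )`, and ideally use a constant-time comparison such as `hash_equals()` where the supported PHP version provides it. Silently `return false` on mismatch gives the user no indication why the submit was ignored; consider surfacing a form error, matching however the earlier `return false` path above this block is reported. The enclosing submit handler starts and ends outside the hunk.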