more validation for password reset token in advanced app

fixes #2099
Carsten Brandt
2014-01-21 17:13:40 +01:00
parent b8558a860a
commit b9e1ce3f97


@ -126,12 +126,16 @@ class SiteController extends Controller
public function actionResetPassword($token) public function actionResetPassword($token)
{ {
if (empty($token) || is_array($token)) {
throw new BadRequestHttpException('Invalid password reset token.');
}
$model = User::find([ $model = User::find([
'password_reset_token' => $token, 'password_reset_token' => $token,
'status' => User::STATUS_ACTIVE, 'status' => User::STATUS_ACTIVE,
]); ]);
if (!$model) { if ($model === null) {
throw new BadRequestHttpException('Wrong password reset token.'); throw new BadRequestHttpException('Wrong password reset token.');
} }
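Review bot: The new guard at the top of actionResetPassword, `empty($token) || is_array($token)`, is a denylist of two bad shapes, while the value flows unchanged into the `User::find([...])` condition. An allowlist states the intent directly, that the token is one non-empty opaque string: `if (!is_string($token) || $token === '') {`. The lookup visible here matches on token and status only, so if reset tokens are meant to expire, that check has to happen somewhere outside this hunk, which is worth confirming. The two distinct messages ('Invalid' vs 'Wrong' password reset token) could also be collapsed into one so the response does not distinguish malformed from unknown tokens. The method body continues past the end of the hunk.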