Merge branch 'master' of git@github.com:gallery/gallery3

author: andyst <andy.st@gmail.com> 2009-06-01 23:45:37 -0700
committer: andyst <andy.st@gmail.com> 2009-06-01 23:45:37 -0700
commit: 02a840c84cada5a1c0cc0768f350424460310e5d (patch)
tree: 6a35d4afddcf291327a4ff42245bca17328084ae /modules/user/controllers/password.php
parent: d0845aadc629cf10b8eee490a651c039750a1430 (diff)
parent: 3b6567f38c206f1302c7b22d94d5eae4b458311a (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index c3e66634..3b0eac66 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -19,6 +19,8 @@
  */
 class Password_Controller extends Controller {
   public function reset() {
+    access::verify_csrf();
+
     if (request::method() == "post") {
       $this->_send_reset();
     } else {
@@ -27,6 +29,8 @@ class Password_Controller extends Controller {
   }
 
   public function do_reset() {
+    access::verify_csrf();
+
     if (request::method() == "post") {
       $this->_change_password();
     } else {
author	andyst <andy.st@gmail.com>	2009-06-01 23:45:37 -0700
committer	andyst <andy.st@gmail.com>	2009-06-01 23:45:37 -0700
commit	02a840c84cada5a1c0cc0768f350424460310e5d (patch)
tree	6a35d4afddcf291327a4ff42245bca17328084ae /modules/user/controllers/password.php
parent	d0845aadc629cf10b8eee490a651c039750a1430 (diff)
parent	3b6567f38c206f1302c7b22d94d5eae4b458311a (diff)