diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2009-06-06 12:52:44 -0700 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2009-06-06 12:52:44 -0700 |
| commit | d5d5284f053a435934e8beb55060285803c3748f (patch) | |
| tree | e06372685826daed897faea6c4c6005ea0b47cae /modules/user/controllers | |
| parent | 277d72d9fad8777ea5483845155ff87b5ad2ce4c (diff) | |
Don't ask for CSRF token when trying to view the password reset form.
Diffstat (limited to 'modules/user/controllers')
| -rw-r--r-- | modules/user/controllers/password.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index 3b0eac66..2dde11b8 100644 --- a/modules/user/controllers/password.php +++ b/modules/user/controllers/password.php @@ -19,9 +19,9 @@ */ class Password_Controller extends Controller { public function reset() { - access::verify_csrf(); - if (request::method() == "post") { + // @todo separate the post from get parts of this function + access::verify_csrf(); $this->_send_reset(); } else { print $this->_reset_form(); |