From 2dcd8f8a25fc698f2279a09752cc7bb9dfe1d7ec Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Mon, 26 Oct 2009 11:37:03 -0700
Subject: When we are changing the password using the change password from as
 part of the password reset, the input value is in the post[hash] variable as
 opposed to the get(key) value.  This should fix ticket #850.

---
 modules/user/controllers/password.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/user/controllers')

diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index 6bef1a17..b76a5e92 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -116,7 +116,7 @@ class Password_Controller extends Controller {
   private function _change_password() {
     $view = $this->_new_password_form();
     if ($view->content->validate()) {
-      $user = user::lookup_user_by_field("hash", Input::instance()->get("key"));
+      $user = user::lookup_by_hash(Input::instance()->post("hash"));
       if (empty($user)) {
         throw new Exception("@todo FORBIDDEN", 503);
       }
-- 
cgit v1.2.3