From e586389f6573d4b4b817990064b61276d068b766 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 27 Aug 2009 13:29:39 -0700
Subject: Don't ask for csrf when we're resetting passwords.  They're not gonna
 have one.  Duh! Fixes #642.

---
 modules/user/controllers/password.php | 2 --
 1 file changed, 2 deletions(-)

(limited to 'modules/user/controllers')

diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index 2af1b879..7c432701 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -29,8 +29,6 @@ class Password_Controller extends Controller {
   }
 
   public function do_reset() {
-    access::verify_csrf();
-
     if (request::method() == "post") {
       $this->_change_password();
     } else {
-- 
cgit v1.2.3