From d5d5284f053a435934e8beb55060285803c3748f Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sat, 6 Jun 2009 12:52:44 -0700
Subject: Don't ask for CSRF token when trying to view the password reset form.

---
 modules/user/controllers/password.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules/user/controllers')

diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index 3b0eac66..2dde11b8 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -19,9 +19,9 @@
  */
 class Password_Controller extends Controller {
   public function reset() {
-    access::verify_csrf();
-
     if (request::method() == "post") {
+      // @todo separate the post from get parts of this function
+      access::verify_csrf();
       $this->_send_reset();
     } else {
       print $this->_reset_form();
-- 
cgit v1.2.3