Bug 1061247 - Successfully using a password change token should invalidate all other...

r=gerv a=glob

diff --git a/token.cgi b/token.cgi
index 44ca46bd64874b628cc1ff53b940fce5d6ac384d..a85973efcd51ff2ca9fab7abf2a82b91a44dcafc 100755 (executable)
--- a/token.cgi
+++ b/token.cgi
@@ -176,6 +176,8 @@ sub changePassword {
     $user->set_password($password);
     $user->update();
     delete_token($token);
+    $dbh->do(q{DELETE FROM tokens WHERE userid = ?
+               AND tokentype = 'password'}, undef, $user_id);
 
     Bugzilla->logout_user_by_id($user_id);