From: Reed Loden <reed@reedloden.com>
Date: Wed, 1 Oct 2014 05:32:15 +0000 (-0700)
Subject: Bug 1061247 - Successfully using a password change token should invalidate all other... 
X-Git-Tag: bugzilla-4.5.6~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8222ed65c30f308adc92f2da19e746cb7b22eba2;p=thirdparty%2Fbugzilla.git

Bug 1061247 - Successfully using a password change token should invalidate all other password change tokens for that user
r=gerv a=glob
---

diff --git a/token.cgi b/token.cgi
index 13e54b695a..ddfdc159b2 100755
--- a/token.cgi
+++ b/token.cgi
@@ -180,6 +180,8 @@ sub changePassword {
     $user->set_password($password);
     $user->update();
     delete_token($token);
+    $dbh->do(q{DELETE FROM tokens WHERE userid = ?
+               AND tokentype = 'password'}, undef, $user_id);
 
     Bugzilla->logout_user_by_id($user_id);