From: Reed Loden <reed@reedloden.com>
Date: Wed, 1 Oct 2014 05:37:11 +0000 (-0700)
Subject: Bug 1061247 - Successfully using a password change token should invalidate all other... 
X-Git-Tag: bugzilla-4.4.6~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eab0867f20767113b6bad3a81104e07ae547b461;p=thirdparty%2Fbugzilla.git

Bug 1061247 - Successfully using a password change token should invalidate all other password change tokens for that user
r=gerv a=glob
---

diff --git a/token.cgi b/token.cgi
index 44ca46bd64..a85973efcd 100755
--- a/token.cgi
+++ b/token.cgi
@@ -176,6 +176,8 @@ sub changePassword {
     $user->set_password($password);
     $user->update();
     delete_token($token);
+    $dbh->do(q{DELETE FROM tokens WHERE userid = ?
+               AND tokentype = 'password'}, undef, $user_id);
 
     Bugzilla->logout_user_by_id($user_id);