Commit b9e1ce3f by Carsten Brandt

more validation for password reset token in advanced app

fixes #2099
parent b8558a86
......@@ -126,12 +126,16 @@ class SiteController extends Controller
public function actionResetPassword($token)
{
if (empty($token) || is_array($token)) {
throw new BadRequestHttpException('Invalid password reset token.');
}
$model = User::find([
'password_reset_token' => $token,
'status' => User::STATUS_ACTIVE,
]);
if (!$model) {
if ($model === null) {
throw new BadRequestHttpException('Wrong password reset token.');
}
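Review bot: The guard at the top of `actionResetPassword` rejects only arrays, so it is a denylist of one type, while `$token` is then used directly as a value in the `User::find([...])` condition. An allowlist is tighter and reads more clearly: `if (empty($token) || !is_string($token)) {`. A one-line comment above the check would also help the next maintainer, for example `// reject empty or non-string tokens before they reach the lookup condition`, because an empty value could presumably match accounts whose `password_reset_token` is unset. The method body continues outside the visible hunk, so whether token expiry is checked further down cannot be confirmed from here.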
......