author | Dries Buytaert <dries@buytaert.net> | 2009-06-30 09:52:54 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2009-06-30 09:52:54 +0000 |
commit | 8f817bf9a845dc2a023d5ee59e10ee380cbe9523 (patch) | |
tree | 1a123d41b93f5359b5e73f07ce3cad4b72084bea /modules | |
parent | a8bc7688c924c4f3c00725175b90420c6bf08ac7 (diff) | |
download | brdo-8f817bf9a845dc2a023d5ee59e10ee380cbe9523.tar.gz brdo-8f817bf9a845dc2a023d5ee59e10ee380cbe9523.tar.bz2 |
- Patch #497612 by Moshe Weitzman et al: harden user login by correctly using the form API.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/user/user.pages.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc
index d3b736c02..e9778e32e 100644
--- a/modules/user/user.pages.inc
+++ b/modules/user/user.pages.inc
@@ -101,9 +101,9 @@ function user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action =
 watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp));
 // Set the new user.
 $user = $account;
- // user_authenticate_finalize() also updates the login timestamp of the
+ // user_login_finalize() also updates the login timestamp of the
 // user, which invalidates further use of the one-time login link.
- user_authenticate_finalize($form_state['values']);
+ user_login_finalize();
 drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'));
 drupal_goto('user/' . $user->uid . '/edit');
 } |
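Review bot: The argument-less `user_login_finalize();` call presumably acts on the global `$user`, so the `$user = $account;` assignment just above it is now load-bearing, and the comment does not say so. I would extend the comment to something like `// user_login_finalize() acts on the global $user set above and also updates the login timestamp, which invalidates further use of the one-time login link.` Since this path signs a user in without a password, it is also worth confirming in the function's definition, which is not part of this diff, that it renews the session identifier. The body of user_pass_reset() starts and ends outside the hunk.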