From b805a9bd7f1356e66fed15ced2c591cf4e9071fc Mon Sep 17 00:00:00 2001 From: marcus Date: Mon, 11 Aug 2008 09:34:39 +0000 Subject: Refs #210 & #211 git-svn-id: https://code.elgg.org/elgg/trunk@1818 36083f99-b078-4883-b0ff-0f9b5a30f544 --- actions/login.php | 5 ++++- actions/user/requestnewpassword.php | 2 ++ languages/en.php | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/actions/login.php b/actions/login.php index 95c90ce7e..774b6dfaa 100644 --- a/actions/login.php +++ b/actions/login.php @@ -10,7 +10,10 @@ * @copyright Curverider Ltd 2008 * @link http://elgg.org/ */ - + + // Safety first + action_gatekeeper(); + // Get username and password $username = get_input('username'); diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php index 1771a86ac..3ed2d604e 100644 --- a/actions/user/requestnewpassword.php +++ b/actions/user/requestnewpassword.php @@ -13,6 +13,8 @@ require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php"); global $CONFIG; + action_gatekeeper(); + $username = get_input('username'); $user = get_user_by_username($username); diff --git a/languages/en.php b/languages/en.php index da2d542cf..ba01080a0 100644 --- a/languages/en.php +++ b/languages/en.php @@ -716,7 +716,7 @@ You cannot reply to this email.", /** * Action gatekeeper */ - 'actiongatekeeper:missingfields' => 'Form is missing __action, __token or __ts fields', + 'actiongatekeeper:missingfields' => 'Form is missing __token or __ts fields', 'actiongatekeeper:tokeninvalid' => 'Token provided by form does not match that generated by server.', 'actiongatekeeper:timeerror' => 'Form has expired, please refresh and try again.', -- cgit v1.2.3