more validation for password reset token in advanced app

fixes #2099

more validation for password reset token in advanced app
b9e1ce3f · Carsten Brandt · b8558a86 · b9e1ce3f
Commit b9e1ce3f authored Jan 21, 2014 by Carsten Brandt
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

SiteController.php apps/advanced/frontend/controllers/SiteController.php +5 -1

No files found.
--- a/apps/advanced/frontend/controllers/SiteController.php
+++ b/apps/advanced/frontend/controllers/SiteController.php
@@ -126,12 +126,16 @@ class SiteController extends Controller

 	public function actionResetPassword($token)
 	{
+		if (empty($token) || is_array($token)) {
+			throw new BadRequestHttpException('Invalid password reset token.');
+		}
+
 		$model = User::find([
 			'password_reset_token' => $token,
 			'status' => User::STATUS_ACTIVE,
 		]);

-		if (!$model) {
+		if ($model === null) {
 			throw new BadRequestHttpException('Wrong password reset token.');
 		}