From 827c135cc9b0b187a61a2d9e0f64592cce7418ff Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 22 Oct 2022 14:13:36 +0200 Subject: [PATCH] [ticket/security/274] Reset login keys/session when resetting password SECURITY-274 --- phpBB/phpbb/ucp/controller/reset_password.php | 1 + 1 file changed, 1 insertion(+) diff --git a/phpBB/phpbb/ucp/controller/reset_password.php b/phpBB/phpbb/ucp/controller/reset_password.php index 9919100a6c..fd256ef30d 100644 --- a/phpBB/phpbb/ucp/controller/reset_password.php +++ b/phpBB/phpbb/ucp/controller/reset_password.php @@ -415,6 +415,7 @@ class reset_password SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . (int) $user_row['user_id']; $this->db->sql_query($sql); + $this->user->reset_login_keys(); $this->log->add('user', $user_row['user_id'], $this->user->ip, 'LOG_USER_NEW_PASSWORD', false, [ 'reportee_id' => $user_row['user_id'], $user_row['username']