mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-27 23:56:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header.

Browse Source 
Thanks Florian Apolloner for contributing to this patch and
Collin Anderson, Markus Holtermann, and Tim Graham for review.
This commit is contained in:
Romain Garrigues
2017-01-13 14:17:54 +00:00
committed by Tim Graham
parent 91023d79ec
commit ede59ef6f3
8 changed files with 122 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
django/contrib/auth/tokens.py
View File

@@ -24,6 +24,8 @@ class PasswordResetTokenGenerator(object):
"""
Check that a password reset token is correct for a given user.
"""
if not (user and token):
return False
# Parse the token
try:
ts_b36, hash = token.split("-")