From e5115e58530cc27bf496a07a87b0427318b93306 Mon Sep 17 00:00:00 2001 From: creme332 <65414576+creme332@users.noreply.github.com> Date: Mon, 22 Apr 2024 16:52:16 +0400 Subject: [PATCH] return from handlePasswordSubmission when reset link is invalid --- src/controllers/Password.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/controllers/Password.php b/src/controllers/Password.php index f9b05c1..a9bd9de 100644 --- a/src/controllers/Password.php +++ b/src/controllers/Password.php @@ -81,7 +81,7 @@ private function handleEmailSubmission(): void /** * Checks if password reset link contains the necessary token and id query parameters. - * @return bool + * @return bool True if valid */ private function validatePasswordResetLink(): bool { @@ -107,6 +107,7 @@ private function handlePasswordSubmission(): void { if (!$this->validatePasswordResetLink()) { $this->view_data['error'] = 'Invalid password reset link'; + return; } if (!isset($_POST['pwd'], $_POST['pwd-repeat'])) {