Commit 30ad0102 authored by drumm's avatar drumm

Drupal 5.20

parent 404fcf29
// $Id$
Drupal 5.20-dev xxxx-xx-xx
Drupal 5.20, 2009-09-16
-----------------------
- The 'access' element for hook_menu() now interprets Drupal 6 style values,
like array('access content').
- Avoid security problems resulting from writing Drupal 6-style menu
declarations.
- Fixed security issues (session fixation), see SA-CORE-2009-008.
- Fixed a variety of small bugs.
Drupal 5.19, 2009-07-01
-----------------------
......
......@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
define('VERSION', '5.20-dev');
define('VERSION', '5.20');
/**
* Implementation of hook_help().
......
......@@ -1149,6 +1149,8 @@ function user_pass_reset($uid, $timestamp, $hashed_pass, $action = NULL) {
$user = $account;
// And proceed with normal login, going to user page.
$edit = array();
// Regenerate the session ID to prevent against session fixation attacks.
sess_regenerate();
user_module_invoke('login', $edit, $user);
drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'));
drupal_goto('user/'. $user->uid .'/edit');
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment