Merge pull request #2298 from FreshRSS/dev1.14.0

FreshRSS 1.14.0
author: Alexandre Alapetite <alexandre@alapetite.fr> 2019-03-31 16:38:46 +0200
committer: GitHub <noreply@github.com> 2019-03-31 16:38:46 +0200
commit: d413f67dd28738f4a6d8cf036e00714737f757b8 (patch)
tree: 1509f631dc8814bcf85d907a292ddd6437a2efcd /app/Controllers/userController.php
parent: 8dcdde6251ae4dfc690b1a014488df125c5e5cdc (diff)
parent: 2a935516d850d63a215f9650b96ede102311f7ca (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 2338c8b2a..be3787561 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -128,9 +128,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 	public function profileAction() {
 		Minz_View::prependTitle(_t('conf.profile.title') . ' · ');
 
-		Minz_View::appendScript(Minz_Url::display(
-			'/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js')
-		));
+		Minz_View::appendScript(Minz_Url::display('/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js')));
 
 		if (Minz_Request::isPost()) {
 			$passwordPlain = Minz_Request::param('newPasswordPlain', '', true);
@@ -249,6 +247,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 				$user_conf = get_user_configuration($new_user_name);
 				Minz_Session::_param('currentUser', $new_user_name);
 				Minz_Session::_param('passwordHash', $user_conf->passwordHash);
+				Minz_Session::_param('csrf');
 				FreshRSS_Auth::giveAccess();
 			}
author	Alexandre Alapetite <alexandre@alapetite.fr>	2019-03-31 16:38:46 +0200
committer	GitHub <noreply@github.com>	2019-03-31 16:38:46 +0200
commit	d413f67dd28738f4a6d8cf036e00714737f757b8 (patch)
tree	1509f631dc8814bcf85d907a292ddd6437a2efcd /app/Controllers/userController.php
parent	8dcdde6251ae4dfc690b1a014488df125c5e5cdc (diff)
parent	2a935516d850d63a215f9650b96ede102311f7ca (diff)