SECURITY: Do not allow user scripts on Special:PasswordReset

[lhc/web/wiklou.git] / includes / specials / SpecialPasswordReset.php

diff --git a/includes/specials/SpecialPasswordReset.php b/includes/specials/SpecialPasswordReset.php
index a4f16bd..51fcae7 100644 (file)
--- a/includes/specials/SpecialPasswordReset.php
+++ b/includes/specials/SpecialPasswordReset.php
@@ -36,11 +36,6 @@ class SpecialPasswordReset extends FormSpecialPage {
        /** @var PasswordReset */
        private $passwordReset = null;
 
-       /**
-        * @var string[] Temporary storage for the passwords which have been sent out, keyed by username.
-        */
-       private $passwords = [];
-
        /**
         * @var Status
         */
@@ -79,6 +74,15 @@ class SpecialPasswordReset extends FormSpecialPage {
                parent::checkExecutePermissions( $user );
        }
 
+       /**
+        * @param string $par
+        */
+       public function execute( $par ) {
+               $out = $this->getOutput();
+               $out->disallowUserJs();
+               parent::execute( $par );
+       }
+
        protected function getFormFields() {
                $resetRoutes = $this->getConfig()->get( 'PasswordResetRoutes' );
                $a = [];