Removed sectoken

This token is completly useless since an attacker can easily extract it from the page.
author: Lukas Reschke <lukas@statuscode.ch> 2012-09-29 15:15:35 +0200
committer: Lukas Reschke <lukas@statuscode.ch> 2012-09-29 15:15:35 +0200
commit: f5fe95a1315200c7e0c08544b2aad5ef69167d7c (patch)
tree: d78a6eddca4d24f07448e5a8be65cd759899beff /core/lostpassword/templates
parent: bd804b74c46ed6779bf82a506711b48644a197f4 (diff)
download: nextcloud-server-f5fe95a1315200c7e0c08544b2aad5ef69167d7c.tar.gz
nextcloud-server-f5fe95a1315200c7e0c08544b2aad5ef69167d7c.zip
1 files changed, 0 insertions, 1 deletions
diff --git a/core/lostpassword/templates/lostpassword.php b/core/lostpassword/templates/lostpassword.php
index 754eabdad67..4b871963b80 100644
--- a/core/lostpassword/templates/lostpassword.php
+++ b/core/lostpassword/templates/lostpassword.php
@@ -10,7 +10,6 @@
 			<p class="infield">
 				<label for="user" class="infield"><?php echo $l->t( 'Username' ); ?></label>
 				<input type="text" name="user" id="user" value="" autocomplete="off" required autofocus />
-				<input type="hidden" name="sectoken" id="sectoken" value="<?php echo($_['sectoken']); ?>"  />
 			</p>
 			<input type="submit" id="submit" value="<?php echo $l->t('Request reset'); ?>" />
 		<?php endif; ?>
author	Lukas Reschke <lukas@statuscode.ch>	2012-09-29 15:15:35 +0200
committer	Lukas Reschke <lukas@statuscode.ch>	2012-09-29 15:15:35 +0200
commit	f5fe95a1315200c7e0c08544b2aad5ef69167d7c (patch)
tree	d78a6eddca4d24f07448e5a8be65cd759899beff /core/lostpassword/templates
parent	bd804b74c46ed6779bf82a506711b48644a197f4 (diff)
download	nextcloud-server-f5fe95a1315200c7e0c08544b2aad5ef69167d7c.tar.gz nextcloud-server-f5fe95a1315200c7e0c08544b2aad5ef69167d7c.zip