# HG changeset patch
# User bsw
# Date 1305595396 -7200
# Node ID bf735d8095aa237e0283305fc0c37527572248e7
# Parent bfd8d88f72fcb511bc20126805a4a92d10c7ea7f
Fixed security related bug, security tokens were exposed through trace output.
diff -r bfd8d88f72fc -r bf735d8095aa app/main/index/_action/reset_password.lua
--- a/app/main/index/_action/reset_password.lua Sat Feb 05 19:47:35 2011 +0100
+++ b/app/main/index/_action/reset_password.lua Tue May 17 03:23:16 2011 +0200
@@ -1,3 +1,5 @@
+trace.disable()
+
 local secret = param.get("secret")
 
 if not secret then
diff -r bfd8d88f72fc -r bf735d8095aa model/member.lua
--- a/model/member.lua Sat Feb 05 19:47:35 2011 +0100
+++ b/model/member.lua Tue May 17 03:23:16 2011 +0200
@@ -313,6 +313,7 @@
 end
 
 function Member.object:set_notify_email(notify_email)
+ trace.disable()
 local expiry = db:query("SELECT now() + '7 days'::interval as expiry", "object").expiry
 self.notify_email_unconfirmed = notify_email
 self.notify_email_secret = multirand.string( 24, "23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz" )
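Review bot: The `trace.disable()` at the top of app/main/index/_action/reset_password.lua carries no comment saying why tracing is switched off, so a later cleanup could drop it and expose the reset secret again. I would put `-- the reset secret must never reach trace output` directly above the call. The protection is also opt-in per action: any other action that reads a secret through `param.get` needs the same call, and nothing in this commit enforces that, so the remaining token-handling actions deserve an audit alongside this fix. If the secret arrives as a URL query parameter (not visible here), it may still be recorded in web-server access logs, which this call does not cover.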
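Review bot: In model/member.lua, calling `trace.disable()` inside `Member.object:set_notify_email` makes a model setter switch tracing off as an undocumented side effect, presumably for the rest of the request, so every caller silently loses its trace output. The function should get a header comment saying so, for example `-- NOTE: disables tracing, because notify_email_secret must not appear in trace output`. The path that later reads or compares `notify_email_secret` on confirmation is not part of this commit and would need the same treatment if it traces parameters or queries. The body of set_notify_email continues outside the hunk, so whether the record is saved there, and traced before this change, cannot be judged from here.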