user_pass_reset() seems to be a very security sensitive function that shouldn't be hijacked in contrib.

hook_exit() lets you react to the drupal_goto without duplicating the page callback.

http://api.drupal.org/api/drupal/developer--hooks--core.php/function/hoo...

Patch to follow.

Comments

glennpratt’s picture

At the same time, I moved the password change tab below user/%user/edit alongside account (user/%user/edit/password), similar to chngpwd module.

glennpratt’s picture

Status: Active » Needs review

Up for review...

deekayen’s picture

Committed to master.

deekayen’s picture

Status: Needs review » Closed (fixed)

...and didn't change status.

glennpratt’s picture

Thanks! I could see this affecting the D7 port as well, not sure.