From 1a39f61598acb7fd2a2e5f49415e91609f720dc0 Mon Sep 17 00:00:00 2001
From: Mateusz Uzdowski <mateusz@silverstripe.com>
Date: Fri, 25 Oct 2013 09:29:21 +1300
Subject: [PATCH] BUG Fix the password reset message to be shown consistently.

If we detect any of the password reset GET params, it's safe to assume
that someone intended a password reset, regardless of other conditions.
---
 security/Security.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/security/Security.php b/security/Security.php
index 07ed80660..27e507591 100644
--- a/security/Security.php
+++ b/security/Security.php
@@ -658,9 +658,8 @@ class Security extends Controller {
 				'Form' => $this->ChangePasswordForm()));
 
 		} else {
-			// show an error message if the auto login token is invalid and the
-			// user is not logged in
-			if(!isset($_REQUEST['t']) || !$member) {
+			// Show friendly message if it seems like the user arrived here via password reset feature.
+			if(isset($_REQUEST['m']) || isset($_REQUEST['t'])) {
 				$customisedController = $controller->customise(
 					array('Content' =>
 						_t(