getBackURL() ?: Session::get('BackURL'); if (!$fields) { $fields = new FieldList(); // Security/changepassword?h=XXX redirects to Security/changepassword // without GET parameter to avoid potential HTTP referer leakage. // In this case, a user is not logged in, and no 'old password' should be necessary. if (Member::currentUser()) { $fields->push(new PasswordField("OldPassword", _t('Member.YOUROLDPASSWORD', "Your old password"))); } $fields->push(new PasswordField("NewPassword1", _t('Member.NEWPASSWORD', "New Password"))); $fields->push(new PasswordField("NewPassword2", _t('Member.CONFIRMNEWPASSWORD', "Confirm New Password"))); } if (!$actions) { $actions = new FieldList( new FormAction("doChangePassword", _t('Member.BUTTONCHANGEPASSWORD', "Change Password")) ); } if ($backURL) { $fields->push(new HiddenField('BackURL', false, $backURL)); } parent::__construct($controller, $name, $fields, $actions); } /** * @return ChangePasswordHandler */ protected function buildRequestHandler() { return ChangePasswordHandler::create($this); } }