diff --git a/core/modules/user/lib/Drupal/user/Form/UserPasswordResetForm.php b/core/modules/user/lib/Drupal/user/Form/UserPasswordResetForm.php
index add599e..d771de1 100644
--- a/core/modules/user/lib/Drupal/user/Form/UserPasswordResetForm.php
+++ b/core/modules/user/lib/Drupal/user/Form/UserPasswordResetForm.php
@@ -77,7 +77,7 @@ public function submitForm(array &$form, array &$form_state) {
 watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $user->getUsername(), '%timestamp' => $form_state['values']['timestamp']));
 drupal_set_message($this->t('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.'));
 // Let the user's password be changed without the current password check.
- $token = Crypt::randomStringHashed(55);
+ $token = Crypt::randomBytesBase64(55);
 $_SESSION['pass_reset_' . $user->id()] = $token;
 $form_state['redirect_route']['route_name'] = 'user.edit';
 $form_state['redirect_route']['route_parameters'] = array('user' => $user->id());
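Review bot: The literal `55` on the new `$token` line is carried over unchanged from the old call, but in `Crypt::randomBytesBase64()` it is the number of random bytes, so the token length now follows directly from it (about 74 URL-safe characters). That is ample entropy, but the number reads as arbitrary; a comment such as `// 55 random bytes, base64url-encoded; one-time token that waives the current-password check.` would record the intent. Because the value stored in `$_SESSION['pass_reset_' . $user->id()]` lets the password be changed without the current one, the code that later checks it (not visible in this hunk) should presumably compare it in constant time and unset the session entry once used. `submitForm()` starts and ends outside the hunk, so how the token leaves this method cannot be confirmed from here.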