In login_destination_apply_redirect(), login_destination checks if the user has a password change pending and if so, does not redirect. However, it does not check that the force_password_change is still enabled, so if a user had a pending password change and the for some reason the site disabled the force_password_change module, the account is forever stuck in that state and login redirects will not work for that user.

Easy fix: just add module_exists('force_password_change') to the condition to make it look like this:
module_exists('force_password_change') && $account->force_password_change && $account->uid == $user->uid)

If necessary I'll attach a patch, but this is such a quick fix I figured not needed.

Comments

stewart.adam’s picture

stewart.adam CreditAttribution: stewart.adam commented
Version: 7.x-1.0-beta2 » 6.x-2.8

Oops, sorry - absentmindedly selected 7.x when we're actually using 6.x.

rsvelko’s picture

rsvelko CreditAttribution: rsvelko as a volunteer commented
Issue summary: View changes

thanks fixed. Albeit so late...

rsvelko’s picture

rsvelko CreditAttribution: rsvelko as a volunteer commented
Status: Active » Fixed

  • stewart.adam authored 9daeeda on 6.x-2.x 
    Issue #1793540 by stewart.adam, rsvelko: Should check if...
rsvelko’s picture

rsvelko CreditAttribution: rsvelko as a volunteer commented
Assigned: Unassigned » rsvelko

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.