From a335d704182ec416253142d1c9027204334a0a8f Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Thu, 28 Sep 2017 15:02:41 +0200
Subject: [PATCH] fixes 787, check URL parameter "action" to avoid error
 messages

---
 password.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/password.php b/password.php
index c0ad396e2..6f6af3260 100644
--- a/password.php
+++ b/password.php
@@ -37,6 +37,8 @@ check_status(ACCESS_FREE);
 
 trigger_notify('loc_begin_password');
 
+check_input_parameter('action', $_GET, false, '/^(lost|reset|none)$/');
+
 // +-----------------------------------------------------------------------+
 // | Functions                                                             |
 // +-----------------------------------------------------------------------+