From 728ba61450a5cdddfb6ade6f4c044ec015b51be8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Guillot?=
Date: Sat, 5 Jun 2021 15:03:43 -0700
Subject: [PATCH] Invalidate captcha after it is used

---
 app/Validator/PasswordResetValidator.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/Validator/PasswordResetValidator.php b/app/Validator/PasswordResetValidator.php
index fb424e892..bc816f455 100644
--- a/app/Validator/PasswordResetValidator.php
+++ b/app/Validator/PasswordResetValidator.php
@@ -85,6 +85,9 @@ class PasswordResetValidator extends BaseValidator
 if (! $result) {
 $errors['captcha'] = array(t('Invalid captcha'));
 }
+
+ // Invalidate captcha to avoid reuse.
+ session_remove('captcha');
 }
 
 return array($result, $errors);
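Review bot: With `session_remove('captcha')` now running after every check, a second or replayed submission reaches this method with no captcha left in the session, and the hunk does not show how that state is handled. The block that encloses the added lines opens outside the hunk, so confirm that its condition makes a missing session value fail closed (`$result` false) rather than skipping the check or comparing the submitted text against an empty value. Removing the value on both the success and the failure path is the right choice, because it also limits each generated captcha to a single guess. A regression test that submits the same captcha twice and expects the second attempt to be rejected would pin this behaviour down.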