erp5_credential: do not pass REQUEST when calling mailPasswordResetRequest

REQUEST will be filled when mailPasswordResetRequest is called from URL, and is now used to prevent anonymous to call mailPasswordResetRequest directly if erp5_credential is installed.

bt5/erp5_credential/SkinTemplateItem/portal_skins/erp5_credential/CredentialRecovery_sendPasswordResetLink.py

@@ -13,16 +13,14 @@ if message_reference is None:
 notification_message = portal.NotificationTool_getDocumentValue(message_reference,
                                                                 context.getLanguage())
 
-context.REQUEST.set('came_from', context.getUrlString())
-
 if context.hasStopDate():
   kw = {'expiration_date':context.getStopDate()}
 else:
   kw = {}
 
 portal.portal_password.mailPasswordResetRequest(user_login=reference,
-                                                REQUEST=context.REQUEST,
                                                 notification_message=notification_message,
                                                 store_as_event=portal.portal_preferences.isPreferredStoreEvents(),
+                                                came_from=context.getUrlString(),
                                                 batch=True,
                                                 **kw)