Thanks bellini13. Right, you are.
I had a look at `config/defines.inc.php` and found:
define('_PS_MODE_DEV_', true);
We've changed this over to:
define('_PS_MODE_DEV_', false);
And tested it again - it works perfectly (It did work before, just displayed an error) with no error message.
However, after clicking the password reset token link, it displays the following:
Your password has been successfully reset and a confirmation has been sent to your e-mail address:
Interestingly, line 50 in /cache/smarty/compile/4e/06/fc/4e06fc94b46a62394c4907eaeb1442eb841e3394.file.password.tpl.php has the following code:
<?php echo stripslashes(smarty_modifier_escape($_POST['email'], 'htmlall', 'UTF-8'));?>
From a PHP perspective, how can this page print out the e-mail from $_POST['email'] if they've gotten to this page by visiting http://domain.com.au/password-recovery?token=PasswordResetToken? As far as I can see, there's nothing sent via $_POST whatsoever, so this seems to be flawed. We didn't write this code ourselves (it may have been from some of the inherited code from previous developers) - is it part of the PrestaShop core?