github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 18:49:21 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #52 from serghey-rodin/master

Browse source 
Preventing manipulation with $_SERVER['HTTP_HOST']
This commit is contained in:
myvesta 2020-03-23 17:38:43 +01:00 committed by GitHub
commit 9256193b0e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
web/reset/index.php
View file

@ -30,7 +30,7 @@ if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
} else {
$mailtext = __('GREETINGS');
}
$mailtext .= __('PASSWORD_RESET_REQUEST',$_SERVER['HTTP_HOST'],$user,$rkey,$_SERVER['HTTP_HOST'],$user,$rkey);
$mailtext .= __('PASSWORD_RESET_REQUEST',$hostname,$user,$rkey,$hostname,$user,$rkey);
if (!empty($rkey)) send_email($to, $subject, $mailtext, $from);
unset($output);
}