Merge pull request #720 from Flatta/secfix-xss-pwreset

Fix XSS in Password Reset
Serghey Rodin 2016-06-30 17:53:46 +03:00 committed by GitHub
commit a162fe06e8
2 changed files with 3 additions and 3 deletions


@ -21,7 +21,7 @@
<tr>
<td>
<input type="hidden" name="action" value="confirm">
<input type="hidden" name="user" value="<?php echo $_GET['user'];?>">
<input type="hidden" name="user" value="<?=htmlentities($_GET['user'], ENT_QUOTES|ENT_HTML5)?>">
<input tabindex="1" type="text" size="20px" style="width:240px" name="code" class="vst-input">
</td>
</tr>
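Review bot: The replacement line for the hidden `user` field depends on PHP 5.4+ behaviour and on a default charset: `<?=` is only unconditionally enabled from 5.4 (before that it needs `short_open_tag`), `ENT_HTML5` was added in 5.4, and `htmlentities()` is called without its encoding argument. If older PHP builds are still supported, I would keep the long tag the templates already use and make the encoding explicit, e.g. `<?php echo htmlspecialchars($_GET['user'], ENT_QUOTES, 'UTF-8'); ?>`. The same applies to the `user` and `code` fields changed in the second file. The enclosing form starts and ends outside this hunk.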


@ -13,8 +13,8 @@
<tr>
<td style="padding: 12px 0 0 2px;">
<input type="hidden" name="action" value="confirm" >
<input type="hidden" name="user" value="<?php echo $_GET['user'];?>" >
<input type="hidden" name="code" value="<?php echo $_GET['code'];?>" >
<input type="hidden" name="user" value="<?=htmlentities($_GET['user'], ENT_QUOTES|ENT_HTML5)?>" >
<input type="hidden" name="code" value="<?=htmlentities($_GET['code'], ENT_QUOTES|ENT_HTML5)?>" >
<?php print __('New Password');?>
</td>
</tr>
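Review bot: `$_GET['user']` and `$_GET['code']` are still read directly in the two hidden fields, so a request that omits a parameter or sends it as an array (`code[]=`) makes PHP raise a notice or warning at that point; with `display_errors` enabled, that text would be printed inside the `value` attribute. Normalising once before the form, e.g. `<?php $code = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : ''; ?>`, and then escaping the variable avoids that. Escaping only addresses the reflection; presumably the handler that receives this form validates both values, which is not visible here. The table row belongs to a form that starts outside the hunk.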