github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-07-06 04:51:54 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Preventing manipulation with $_SERVER['HTTP_HOST']

Browse source
This commit is contained in:
dpeca 2020-03-23 17:28:55 +01:00 committed by GitHub
parent a5712542d7
commit c3c4de43d6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
web/reset/index.php
View file

@ -30,7 +30,7 @@ if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
} else {
$mailtext = __('GREETINGS');
}
$mailtext .= __('PASSWORD_RESET_REQUEST',$_SERVER['HTTP_HOST'],$user,$rkey,$_SERVER['HTTP_HOST'],$user,$rkey);
$mailtext .= __('PASSWORD_RESET_REQUEST',$hostname,$user,$rkey,$hostname,$user,$rkey);
if (!empty($rkey)) send_email($to, $subject, $mailtext, $from);
unset($output);
}