From c3c4de43d6701560f604ca7996f717b08e3d7d1d Mon Sep 17 00:00:00 2001
From: dpeca
Date: Mon, 23 Mar 2020 17:28:55 +0100
Subject: [PATCH] Preventing manipulation with $_SERVER['HTTP_HOST']
---
 web/reset/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web/reset/index.php b/web/reset/index.php
index 842dd2f3b..0b8670908 100644
--- a/web/reset/index.php
+++ b/web/reset/index.php
@@ -30,7 +30,7 @@ if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
 } else {
 $mailtext = __('GREETINGS');
 }
- $mailtext .= __('PASSWORD_RESET_REQUEST',$_SERVER['HTTP_HOST'],$user,$rkey,$_SERVER['HTTP_HOST'],$user,$rkey);
+ $mailtext .= __('PASSWORD_RESET_REQUEST',$hostname,$user,$rkey,$hostname,$user,$rkey);
 if (!empty($rkey)) send_email($to, $subject, $mailtext, $from);
 unset($output);
 }
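Review bot: `$hostname` on the new `$mailtext .=` line is not assigned anywhere in this hunk, so the fix only holds if it is set on every path reaching this line and comes from server-side configuration. A request-derived value such as `$_SERVER['SERVER_NAME']` would not be enough, since it can mirror the Host header depending on web-server settings. `$_SERVER['HTTP_HOST']` also carried the port when the panel was reached on a non-default one, so if the PASSWORD_RESET_REQUEST template builds the link from this argument alone, the port may now be missing from the mailed URL; the template is not visible here. A short comment above the line would record the intent, e.g. `// Host header is client-controlled; build the reset link from the server's own hostname.` The enclosing `if` block starts and ends outside the hunk.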