Merge pull request #720 from Flatta/secfix-xss-pwreset

Fix XSS in Password Reset
Serghey Rodin 2016-06-30 17:53:46 +03:00 committed by GitHub
commit a162fe06e8
2 changed files with 3 additions and 3 deletions


@ -21,7 +21,7 @@
<tr> <tr>
<td> <td>
<input type="hidden" name="action" value="confirm"> <input type="hidden" name="action" value="confirm">
<input type="hidden" name="user" value="<?php echo $_GET['user'];?>"> <input type="hidden" name="user" value="<?=htmlentities($_GET['user'], ENT_QUOTES|ENT_HTML5)?>">
<input tabindex="1" type="text" size="20px" style="width:240px" name="code" class="vst-input"> <input tabindex="1" type="text" size="20px" style="width:240px" name="code" class="vst-input">
</td> </td>
</tr> </tr>
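Review bot: The rewritten `user` hidden field switches from `<?php echo` to the short echo tag `<?=` and calls `htmlentities()` without a charset argument, so its behaviour depends on the PHP version and ini settings of the host. On PHP older than 5.4, `<?=` is only parsed when `short_open_tag` is enabled and `ENT_HTML5` is not defined, so if such installs are still supported the field may not be emitted as intended. I would keep the long tag and pin the encoding, which is sufficient for a quoted attribute: `<?php echo htmlspecialchars($_GET['user'], ENT_QUOTES, 'UTF-8'); ?>`. The same applies to the `user` and `code` fields in the second file. Only one table row of each template is visible, so other places that echo request parameters could not be checked from here.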


@ -13,8 +13,8 @@
<tr> <tr>
<td style="padding: 12px 0 0 2px;"> <td style="padding: 12px 0 0 2px;">
<input type="hidden" name="action" value="confirm" > <input type="hidden" name="action" value="confirm" >
<input type="hidden" name="user" value="<?php echo $_GET['user'];?>" > <input type="hidden" name="user" value="<?=htmlentities($_GET['user'], ENT_QUOTES|ENT_HTML5)?>" >
<input type="hidden" name="code" value="<?php echo $_GET['code'];?>" > <input type="hidden" name="code" value="<?=htmlentities($_GET['code'], ENT_QUOTES|ENT_HTML5)?>" >
<?php print __('New Password');?> <?php print __('New Password');?>
</td> </td>
</tr> </tr>
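Review bot: `htmlentities()` expects a string, but `$_GET['user']` and `$_GET['code']` are arrays when the request uses `user[]=` or `code[]=` and are unset when the parameter is missing; the two rewritten hidden fields pass them through unchecked, as does the `user` field in the first file. Depending on the PHP version this produces a warning or error rendered into the page instead of a clean empty value. A guard before the form such as `$code = isset($_GET['code']) && is_string($_GET['code']) ? $_GET['code'] : '';`, followed by escaping `$code`, keeps the output predictable. Escaping only protects this page's markup; the handler that receives the form still has to validate both values, and that code is not visible in this hunk.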