[ROSLOGIN] Fixes based on Code Review by Mark Jansen

- Redirect to the "username_sent" message also when no such E-Mail address exists in the directory.
  This prevents disclosing the existence of a particular E-Mail address when using the SendUsername feature.
- Remove unused globals.
- Use uppercase boolean values consistently.
Colin Finck 2018-05-08 16:28:25 +02:00
parent 9ebc516a7a
commit ff063944e3
5 changed files with 7 additions and 14 deletions


@ -10,9 +10,6 @@
{
public function perform()
{
global $lang;
global $roslogin_langres;
if (!array_key_exists("username", $_POST) ||
!array_key_exists("email", $_POST) ||
!array_key_exists("key", $_POST) ||


@ -35,7 +35,9 @@
}
catch (InvalidEmailException $e)
{
redirect_to("?p=forgot&unknown_email=1&" . http_build_query($data));
// Redirect to the same "username_sent" page even if the E-Mail address does not exist.
// This prevents disclosing whether an E-Mail address exists in the directory.
redirect_to("?p=message&username_sent=1&" . http_build_query($data));
}
catch (CaptchaNotSolvedException $e)
{
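Review bot: The catch now redirects to the same page name as the success case, but the two responses only hide whether an address exists if they are identical all the way down, and two differences can survive this change: the successful path above the hunk presumably redirects with its own query string, and it sends mail before redirecting, which takes measurably longer than this immediate redirect, so the cases remain distinguishable by URL and by response time. Confirm that the success branch issues exactly `redirect_to("?p=message&username_sent=1&" . http_build_query($data));` with the same `$data`, and consider throttling the send_username action per client or per address so the remaining timing channel cannot be probed at scale; the try body and the enclosing method are outside the hunk. The added comment could state the invariant so the next edit does not break it: `// Must stay byte-identical to the success redirect (target, parameters, status); any difference is an address-enumeration oracle.`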


@ -79,6 +79,5 @@
"send_username_button" => "Send Username",
"send_username_subject" => "Account Username",
"unknown_username" => "This Username is not registered!",
"unknown_email" => "No account is registered for this E-Mail address!",
"username_sent" => "An E-Mail with your Username has been sent to <i>%s</i>.",
"username_sent" => "If the E-Mail address <i>%s</i> is associated to an account, an E-Mail with the Username has been sent to it.",
];


@ -36,7 +36,6 @@
$email = array_key_exists("email", $_GET) ? $_GET["email"] : "";
$unknown_username = array_key_exists("unknown_username", $_GET);
$unknown_email = array_key_exists("unknown_email", $_GET);
$reset_password_captcha_not_solved = array_key_exists("reset_password_captcha_not_solved", $_GET);
$send_username_captcha_not_solved = array_key_exists("send_username_captcha_not_solved", $_GET);
?>
@ -94,14 +93,10 @@
<form class="form-horizontal" method="post">
<input type="hidden" name="a" value="send_username">
<div class="form-group <?php if ($unknown_email) { echo "has-error"; } ?>">
<div class="form-group">
<label for="email" class="col-md-4 control-label"><?php echo $roslogin_langres["email"]; ?></label>
<div class="col-md-8">
<input required class="form-control" type="text" name="email" value="<?php echo $email; ?>">
<?php
if ($unknown_email)
echo '<span class="help-block">' . $roslogin_langres["unknown_email"] . '</span>';
?>
</div>
</div>
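Review bot: `$email` is echoed straight into the value attribute of the input line in the second hunk without escaping, and the first hunk shows it taken unfiltered from `$_GET["email"]`, so a crafted `?p=forgot&email=` link reflects attacker-controlled markup into the page (reflected XSS); the commit drops the unknown_email branch around that line but leaves the echo as is. Escape at the output site: `<input required class="form-control" type="text" name="email" value="<?php echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8'); ?>">`. If the username field elsewhere in this template is rendered the same way from `$_GET`, it needs the same treatment; the form element continues past the hunk.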


@ -10,13 +10,13 @@
{
public static function onSpecialPage_initList(&$specialPages) {
$specialPages['Userlogin'] = "SpecialRosLogin";
return true;
return TRUE;
}
public static function onUserLogout(&$user) {
global $wgOut;
$redirect = array_key_exists("returnto", $_GET) ? "/wiki/index.php?title=" . $_GET["returnto"] : "/wiki";
$wgOut->redirect("/roslogin/?a=logout&redirect=" . rawurlencode($redirect));
return true;
return TRUE;
}
}