Revision 1115
Added by Matthias about 16 years ago
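--- a/trunk/CHANGELOG
+++ b/trunk/CHANGELOG
@@ -12,6 +12,7 @@
 
 ------------------------------------- 2.8.0 -------------------------------------
 9-Aug-2009 Matthias Gallas
+# Fixed possible xss injection in login/forgot/index.php
 # Fixed bug in news modul introduced in changeset [1057]
 # Added missing variables also to preferences.php. Forgot in Changeset [1112]
 8-Aug-2009 Matthias Gallas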
| trunk/wb/admin/login/forgot/index.php | ||
|---|---|---|
| 40 | 40 |
// Check if the user has already submitted the form, otherwise show it |
| 41 | 41 |
if(isset($_POST['email']) AND $_POST['email'] != "") {
|
| 42 | 42 |
|
| 43 |
$email = $_POST['email'];
|
|
| 43 |
$email = htmlspecialchars($_POST['email'],ENT_QUOTES);
|
|
| 44 | 44 |
|
| 45 | 45 |
// Check if the email exists in the database |
| 46 | 46 |
$query = "SELECT user_id,username,display_name,email,last_reset,password FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'"; |
| ... | ... | |
| 105 | 105 |
} else {
|
| 106 | 106 |
// Email doesn't exist, so tell the user |
| 107 | 107 |
$message = $MESSAGE['FORGOT_PASS']['EMAIL_NOT_FOUND']; |
| 108 |
// and delete the wrong Email |
|
| 109 |
$email = ''; |
|
| 108 | 110 |
} |
| 109 | 111 |
|
| 110 | 112 |
} else {
|
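Review bot: At new line 43 the address is HTML-encoded when it is read, `$email = htmlspecialchars($_POST['email'],ENT_QUOTES);`, so from that point `$email` holds escaped markup rather than the submitted value. Any use in the elided lines between the two hunks that is not HTML output would receive entity-encoded text, and the protection is tied to this one variable rather than to the place where the value is printed. I would keep the raw value and escape at the point of output, passing the page charset explicitly as the third argument, because the default charset of htmlspecialchars() differs between PHP versions. Separately, the query on line 46 still builds SQL by concatenating `$admin->add_slashes($_POST['email'])`; add_slashes() is not visible here, so its safety cannot be confirmed, and a prepared statement or the database driver's own escaping would be more robust. Both enclosing `if`/`else` bodies begin and end outside the hunks shown.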
Fixed possible xss injection in login/forgot/index.php