Commit c899e0bd authored by Côme Chilliet's avatar Côme Chilliet

Merge branch '5918-password-recovery-does-not-escape-fields-in-error-messages' into '1.3-dev'

Resolve "Password recovery does not escape fields in error messages" in 1.3-dev

See merge request fusiondirectory/fd!445

(cherry picked from commit 55505425)

37069161 :ambulance: fix(password recovery) Escape HTML from input fields
Showing with 5 additions and 5 deletions
+5 -5
......@@ -476,10 +476,10 @@ class passwordRecovery extends standAlonePage {
$ldap->search($filter, array('dn'));
if ($ldap->count() < 1) {
$this->message[] = sprintf(_('Did not find an account with login "%s"'), $this->login);
$this->message[] = sprintf(_('Did not find an account with login "%s"'), htmlentities($this->login, ENT_COMPAT, 'UTF-8'));
return;
} elseif ($ldap->count() > 1) {
$this->message[] = sprintf(_('Found multiple accounts with login "%s"'), $this->login);
$this->message[] = sprintf(_('Found multiple accounts with login "%s"'), htmlentities($this->login, ENT_COMPAT, 'UTF-8'));
return;
}
......@@ -512,10 +512,10 @@ class passwordRecovery extends standAlonePage {
/* Only one ldap node should be found */
if ($ldap->count() < 1) {
$this->message[] = sprintf(_('There is no account using email "%s"'), $this->email_address);
$this->message[] = sprintf(_('There is no account using email "%s"'), htmlentities($this->email_address, ENT_COMPAT, 'UTF-8'));
return;
} elseif ($ldap->count() > 1) {
$this->message[] = sprintf(_('There are several accounts using email "%s"'), $this->email_address);
$this->message[] = sprintf(_('There are several accounts using email "%s"'), htmlentities($this->email_address, ENT_COMPAT, 'UTF-8'));
return;
}
......@@ -523,7 +523,7 @@ class passwordRecovery extends standAlonePage {
$method = passwordMethod::get_method($attrs['userPassword'][0], $attrs['dn']);
if (is_object($method) && $method->is_locked($attrs['dn'])) {
$this->message[] = sprintf(_('The user using email "%s" is locked. Please contact your administrator.'), $this->email_address);
$this->message[] = sprintf(_('The user using email "%s" is locked. Please contact your administrator.'), htmlentities($this->email_address, ENT_COMPAT, 'UTF-8'));
return;
}
$this->login = $attrs[$this->loginAttribute][0];
......
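Review bot: The five `htmlentities(..., ENT_COMPAT, 'UTF-8')` calls escape where each message is built, so any other message appended to `$this->message` with request data stays raw, and `ENT_COMPAT` leaves single quotes unencoded. If the template prints these messages as HTML (it is not visible here), escaping once at output would cover every message; failing that, `htmlentities($this->login, ENT_QUOTES, 'UTF-8')` is the safer flag in case a message ever lands in a single-quoted attribute. The same `$this->login` and `$this->email_address` values presumably feed the `$filter` passed to `$ldap->search()`, which is built outside these hunks, so it is worth confirming they are LDAP-escaped there as well. The enclosing methods start and end outside the hunks shown.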