Commit 55505425 authored by Côme Chilliet's avatar Côme Chilliet

Merge branch '5918-password-recovery-does-not-escape-fields-in-error-messages' into '1.3-dev'

Resolve "Password recovery does not escape fields in error messages" in 1.3-dev

See merge request fusiondirectory/fd!445
Showing with 5 additions and 5 deletions
+5 -5
...@@ -477,10 +477,10 @@ class passwordRecovery extends standAlonePage { ...@@ -477,10 +477,10 @@ class passwordRecovery extends standAlonePage {
$ldap->search($filter, array('dn')); $ldap->search($filter, array('dn'));
if ($ldap->count() < 1) { if ($ldap->count() < 1) {
$this->message[] = sprintf(_('Did not find an account with login "%s"'), $this->login); $this->message[] = sprintf(_('Did not find an account with login "%s"'), htmlentities($this->login, ENT_COMPAT, 'UTF-8'));
return; return;
} elseif ($ldap->count() > 1) { } elseif ($ldap->count() > 1) {
$this->message[] = sprintf(_('Found multiple accounts with login "%s"'), $this->login); $this->message[] = sprintf(_('Found multiple accounts with login "%s"'), htmlentities($this->login, ENT_COMPAT, 'UTF-8'));
return; return;
} }
...@@ -513,10 +513,10 @@ class passwordRecovery extends standAlonePage { ...@@ -513,10 +513,10 @@ class passwordRecovery extends standAlonePage {
/* Only one ldap node should be found */ /* Only one ldap node should be found */
if ($ldap->count() < 1) { if ($ldap->count() < 1) {
$this->message[] = sprintf(_('There is no account using email "%s"'), $this->email_address); $this->message[] = sprintf(_('There is no account using email "%s"'), htmlentities($this->email_address, ENT_COMPAT, 'UTF-8'));
return; return;
} elseif ($ldap->count() > 1) { } elseif ($ldap->count() > 1) {
$this->message[] = sprintf(_('There are several accounts using email "%s"'), $this->email_address); $this->message[] = sprintf(_('There are several accounts using email "%s"'), htmlentities($this->email_address, ENT_COMPAT, 'UTF-8'));
return; return;
} }
...@@ -524,7 +524,7 @@ class passwordRecovery extends standAlonePage { ...@@ -524,7 +524,7 @@ class passwordRecovery extends standAlonePage {
$method = passwordMethod::get_method($attrs['userPassword'][0], $attrs['dn']); $method = passwordMethod::get_method($attrs['userPassword'][0], $attrs['dn']);
if (is_object($method) && $method->is_locked($attrs['dn'])) { if (is_object($method) && $method->is_locked($attrs['dn'])) {
$this->message[] = sprintf(_('The user using email "%s" is locked. Please contact your administrator.'), $this->email_address); $this->message[] = sprintf(_('The user using email "%s" is locked. Please contact your administrator.'), htmlentities($this->email_address, ENT_COMPAT, 'UTF-8'));
return; return;
} }
$this->login = $attrs[$this->loginAttribute][0]; $this->login = $attrs[$this->loginAttribute][0];
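Review bot: All five new `htmlentities(..., ENT_COMPAT, 'UTF-8')` calls leave single quotes unencoded, so the escaping holds only while the template prints `$this->message` in element content or inside double-quoted attributes; that template is not visible on this page. Passing `ENT_QUOTES` instead, as in `htmlentities($this->login, ENT_QUOTES, 'UTF-8')`, makes the value safe in either quoting context, and the same applies to the `$this->email_address` calls in the hunks at 513 and 524. Because the escaping happens where each message is built rather than where the list is rendered, any other `$this->message[]` entry built from request data in this class needs the same treatment; the enclosing methods start and end outside these hunks, so that could not be checked here. Separately, the messages still tell a visitor (presumably unauthenticated on a recovery page) whether a login or email exists and whether the account is locked, which a single generic response would avoid.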
......