Merge pull request #2077 from halkyon/changepassword_validation_redirection_issue

BUG If BackURL set, validation errors send the user to wrong place.
Stig Lindqvist 2013-06-07 22:44:13 -07:00
commit 2eafd63297


@ -67,7 +67,8 @@ class ChangePasswordForm extends Form {
_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"), _t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"),
"bad" "bad"
); );
$this->controller->redirectBack(); // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
$this->controller->redirect($this->controller->Link('changepassword'));
return; return;
} }
} }
@ -91,7 +92,9 @@ class ChangePasswordForm extends Form {
$this->sessionMessage( $this->sessionMessage(
_t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"), _t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"),
"bad"); "bad");
$this->controller->redirectBack();
// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
$this->controller->redirect($this->controller->Link('changepassword'));
return; return;
} }
else if($data['NewPassword1'] == $data['NewPassword2']) { else if($data['NewPassword1'] == $data['NewPassword2']) {
@ -127,7 +130,9 @@ class ChangePasswordForm extends Form {
), ),
"bad" "bad"
); );
$this->controller->redirectBack();
// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
$this->controller->redirect($this->controller->Link('changepassword'));
} }
} else { } else {
@ -135,7 +140,9 @@ class ChangePasswordForm extends Form {
$this->sessionMessage( $this->sessionMessage(
_t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"), _t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"),
"bad"); "bad");
$this->controller->redirectBack();
// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
$this->controller->redirect($this->controller->Link('changepassword'));
} }
} }
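Review bot: The fixed target `$this->controller->redirect($this->controller->Link('changepassword'));` is copied, together with its comment, into all four error branches (the current-password check in the first hunk and the three new-password branches after it), and it assumes the form's controller always exposes a `changepassword` action, which these hunks do not show. A single private helper on the form, documented with why `redirectBack()` is avoided (it can follow a request-supplied BackURL), would define the target once and keep the branches from drifting apart. Separately, the context line `else if($data['NewPassword1'] == $data['NewPassword2'])` uses loose comparison, so two different numeric-looking inputs such as `"1e3"` and `"1000"` pass the confirmation check; `===` makes it exact. The enclosing method starts and ends outside the visible hunks, so whether the success path validates BackURL before redirecting cannot be confirmed from here.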