Correct encoding in MemberLoginForm->forgotPassword() URLs (fixes #6126)

Ingo Schommer 2013-04-05 11:14:45 +02:00
parent 35b6887568
commit 97819b3f21


@ -252,7 +252,7 @@ JS
$SQL_data = Convert::raw2sql($data);
$SQL_email = $SQL_data['Email'];
$member = DataObject::get_one('Member', "\"Email\" = '{$SQL_email}'");
if($member) {
$token = $member->generateAutologinTokenAndStoreHash();
@ -263,12 +263,12 @@ JS
));
$e->setTo($member->Email);
$e->send();
$this->controller->redirect('Security/passwordsent/' . urlencode($data['Email']));
} elseif($data['Email']) {
// Avoid information disclosure by displaying the same status,
// regardless wether the email address actually exists
$this->controller->redirect('Security/passwordsent/' . urlencode($data['Email']));
// Avoid information disclosure by displaying the same status,
// regardless wether the email address actually exists
$this->controller->redirect('Security/passwordsent/' . rawurlencode($data['Email']));
} else {
$this->sessionMessage(
_t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'),
@ -276,7 +276,7 @@ JS
);
$this->controller->redirect('Security/lostpassword');
}
}
}
}
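Review bot: As rendered, the redirect in the `if($member)` branch still calls `urlencode()` while the `elseif($data['Email'])` branch calls `rawurlencode()`. The +/- markers are lost on this page, so the first call may be a removed line whose replacement is not shown. If both calls are in the new code, the two branches build different `Security/passwordsent/` URLs for addresses containing a space or `~`, so the redirect target reveals whether the account exists, contrary to the "same status" comment. Both branches should use the same encoder, `$this->controller->redirect('Security/passwordsent/' . rawurlencode($data['Email']));`, ideally with the URL built once before the branch. The enclosing method begins outside the visible hunks.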