fixed: email password recovery allows sending recovery mail to arbitrary address
parent
e89d1527fa
commit
d71dc4dd2d
3 changed files with 6 additions and 10 deletions
|
|
@ -50,6 +50,7 @@
|
|||
- fixed #8818: Visitor sends a welcome message
|
||||
- added: "EditArea" code highlighter and editing tool for WebGUI::Form::Codearea, used
|
||||
in Template, Snippet, SQLReport, and more
|
||||
- fixed: email password recovery allows sending recovery mail to arbitrary address
|
||||
|
||||
7.6.0
|
||||
- added: users may now customize the post received page for the CS
|
||||
|
|
|
|||
|
|
@ -998,7 +998,7 @@ sub emailRecoverPasswordFinish {
|
|||
my $recoveryGuid = $session->id->generate();
|
||||
my $url = $session->url->getSiteURL;
|
||||
my $userId = $user->userId; #get the user guid
|
||||
$email = $user->profileField('email') unless $email; #get email address from the profile, unless we already have it
|
||||
$email = $user->profileField('email');
|
||||
|
||||
my $authsettings = $self->getParams($userId);
|
||||
$authsettings->{emailRecoverPasswordVerificationNumber} = $recoveryGuid;
|
||||
|
|
@ -1008,7 +1008,7 @@ sub emailRecoverPasswordFinish {
|
|||
my $mail = WebGUI::Mail::Send->create($session, { to=>$email, subject=>$i18n->get('WebGUI password recovery')});
|
||||
$mail->addText($i18n->get('recover password email text1', 'AuthWebGUI') . $url. ". \n\n".$i18n->get('recover password email text2', 'AuthWebGUI')." \n\n ".$url."?op=auth;method=emailResetPassword;token=$recoveryGuid"."\n\n ". $i18n->get('recover password email text3', 'AuthWebGUI'));
|
||||
$mail->send;
|
||||
return "<h1>". $i18n->get('recover password banner', 'AuthWebGUI')." </h1> <br> <br> <h3>". $i18n->get('email recover password finish message1', 'AuthWebGUI'). $email . $i18n->get('email recover password finish message2', 'AuthWebGUI') . "</h3>";
|
||||
return "<h1>". $i18n->get('recover password banner', 'AuthWebGUI')." </h1> <br> <br> <h3>". $i18n->get('email recover password finish message', 'AuthWebGUI') . "</h3>";
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
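Review bot: The new assignment `$email = $user->profileField('email');` does not handle a profile with no address on file: `$recoveryGuid` is still placed in `$authsettings`, and `WebGUI::Mail::Send->create` is called with an empty `to`. I would skip the token write and the create/addText/send calls when the address is empty, e.g. wrap them in `if ($email) { ... }`, and return the same generic finish message either way so the page does not reveal whether an account has an address. If `$email` is still read from the request earlier in emailRecoverPasswordFinish, it is now dead input and should be removed there as well; the start of the sub is outside the hunks shown. Separately, the reset link is built from `$session->url->getSiteURL`, so it is worth confirming that value comes from site configuration rather than from the request's Host header.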
|
||||
|
|
|
|||
|
|
@ -602,14 +602,9 @@ our $I18N = {
|
|||
lastUpdated => 177127324,
|
||||
},
|
||||
|
||||
'email recover password finish message1' => {
|
||||
message => q|An email has been sent to |,
|
||||
lastUpdated => 177127324,
|
||||
},
|
||||
|
||||
'email recover password finish message2' => {
|
||||
message => q| with instructions for resetting your password.|,
|
||||
lastUpdated => 177127324,
|
||||
'email recover password finish message' => {
|
||||
message => q|An email has been sent with instructions for resetting your password.|,
|
||||
lastUpdated => 1223309904,
|
||||
},
|
||||
|
||||
'email recover password start message' => {
|
||||
|
|
|
|||