Commit f82a7319 authored by Clément OUDOT's avatar Clément OUDOT

Display correct skin in mail reset page (#818)

parent 411b99d9
...@@ -13,6 +13,7 @@ ...@@ -13,6 +13,7 @@
<form action="#" method="post" class="login" role="form"> <form action="#" method="post" class="login" role="form">
<div class="form"> <div class="form">
<input type="hidden" name="skin" value="<TMPL_VAR NAME="SKIN">" />
<TMPL_IF NAME="CHOICE_VALUE"> <TMPL_IF NAME="CHOICE_VALUE">
<input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" /> <input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" />
</TMPL_IF> </TMPL_IF>
...@@ -49,6 +50,7 @@ ...@@ -49,6 +50,7 @@
<form action="#" method="post" class="login" role="form"> <form action="#" method="post" class="login" role="form">
<div class="form"> <div class="form">
<input type="hidden" name="skin" value="<TMPL_VAR NAME="SKIN">" />
<TMPL_IF NAME="CHOICE_VALUE"> <TMPL_IF NAME="CHOICE_VALUE">
<input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" /> <input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" />
</TMPL_IF> </TMPL_IF>
...@@ -87,6 +89,7 @@ ...@@ -87,6 +89,7 @@
<form action="#" method="post" class="password" role="form"> <form action="#" method="post" class="password" role="form">
<div class="form"> <div class="form">
<input type="hidden" name="skin" value="<TMPL_VAR NAME="SKIN">" />
<TMPL_IF NAME="CHOICE_VALUE"> <TMPL_IF NAME="CHOICE_VALUE">
<input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" /> <input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" />
</TMPL_IF> </TMPL_IF>
...@@ -152,7 +155,7 @@ ...@@ -152,7 +155,7 @@
</div> </div>
<div class="buttons"> <div class="buttons">
<a href="<TMPL_VAR NAME="PORTAL_URL">" class="btn btn-primary" role="button"> <a href="<TMPL_VAR NAME="PORTAL_URL">?skin=<TMPL_VAR NAME="SKIN">" class="btn btn-primary" role="button">
<span class="glyphicon glyphicon-home"></span> <span class="glyphicon glyphicon-home"></span>
<lang en="Go back to portal" fr="Retourner au portail" /> <lang en="Go back to portal" fr="Retourner au portail" />
</a> </a>
......
...@@ -30,7 +30,7 @@ ...@@ -30,7 +30,7 @@
<div class="actions"> <div class="actions">
<TMPL_IF NAME="DISPLAY_RESETPASSWORD"> <TMPL_IF NAME="DISPLAY_RESETPASSWORD">
<a class="btn btn-info" href="<TMPL_VAR NAME="MAIL_URL"><TMPL_IF NAME="key">?<TMPL_VAR NAME="CHOICE_PARAM">=<TMPL_VAR NAME="key"></TMPL_IF>"> <a class="btn btn-info" href="<TMPL_VAR NAME="MAIL_URL">?skin=<TMPL_VAR NAME="SKIN"><TMPL_IF NAME="key">&<TMPL_VAR NAME="CHOICE_PARAM">=<TMPL_VAR NAME="key"></TMPL_IF>">
<span class="glyphicon glyphicon-info-sign"></span> <span class="glyphicon glyphicon-info-sign"></span>
<lang en="Reset my password" fr="R&eacute;initialiser mon mot de passe"/> <lang en="Reset my password" fr="R&eacute;initialiser mon mot de passe"/>
</a> </a>
......
...@@ -13,6 +13,7 @@ ...@@ -13,6 +13,7 @@
<TMPL_IF NAME="DISPLAY_FORM"> <TMPL_IF NAME="DISPLAY_FORM">
<form action="#" method="post" class="login"> <form action="#" method="post" class="login">
<input type="hidden" name="skin" value="<TMPL_VAR NAME="SKIN">" />
<TMPL_IF NAME="CHOICE_VALUE"> <TMPL_IF NAME="CHOICE_VALUE">
<input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" /> <input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" />
</TMPL_IF> </TMPL_IF>
...@@ -47,6 +48,7 @@ ...@@ -47,6 +48,7 @@
<TMPL_IF NAME="DISPLAY_RESEND_FORM"> <TMPL_IF NAME="DISPLAY_RESEND_FORM">
<form action="#" method="post" class="login"> <form action="#" method="post" class="login">
<input type="hidden" name="skin" value="<TMPL_VAR NAME="SKIN">" />
<TMPL_IF NAME="CHOICE_VALUE"> <TMPL_IF NAME="CHOICE_VALUE">
<input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" /> <input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" />
</TMPL_IF> </TMPL_IF>
...@@ -80,6 +82,7 @@ ...@@ -80,6 +82,7 @@
<TMPL_IF NAME="DISPLAY_PASSWORD_FORM"> <TMPL_IF NAME="DISPLAY_PASSWORD_FORM">
<form action="#" method="post" class="password"> <form action="#" method="post" class="password">
<input type="hidden" name="skin" value="<TMPL_VAR NAME="SKIN">" />
<TMPL_IF NAME="CHOICE_VALUE"> <TMPL_IF NAME="CHOICE_VALUE">
<input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" /> <input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" />
</TMPL_IF> </TMPL_IF>
...@@ -125,7 +128,7 @@ ...@@ -125,7 +128,7 @@
</TMPL_IF> </TMPL_IF>
<div class="panel-buttons"> <div class="panel-buttons">
<button type="button" class="positive" tabindex="1" onclick="location.href='<TMPL_VAR NAME="PORTAL_URL">';return false;"> <button type="button" class="positive" tabindex="1" onclick="location.href='<TMPL_VAR NAME="PORTAL_URL">?skin=<TMPL_VAR NAME="SKIN">';return false;">
<lang en="Go to portal" fr="Aller au portail" /> <lang en="Go to portal" fr="Aller au portail" />
</button> </button>
</div> </div>
......
...@@ -39,7 +39,7 @@ ...@@ -39,7 +39,7 @@
<TMPL_IF NAME="DISPLAY_RESETPASSWORD"> <TMPL_IF NAME="DISPLAY_RESETPASSWORD">
<p> <p>
<img src="<TMPL_VAR NAME="SKIN_PATH">/<TMPL_VAR NAME="SKIN">/images/arrow.png" /><a href="<TMPL_VAR NAME="MAIL_URL"><TMPL_IF NAME="key">?<TMPL_VAR NAME="CHOICE_PARAM">=<TMPL_VAR NAME="key"></TMPL_IF>"><lang en="Reset my password" fr="R&eacute;initialiser mon mot de passe"/></a> <img src="<TMPL_VAR NAME="SKIN_PATH">/<TMPL_VAR NAME="SKIN">/images/arrow.png" /><a href="<TMPL_VAR NAME="MAIL_URL">?skin=<TMPL_VAR NAME="SKIN"><TMPL_IF NAME="key">&<TMPL_VAR NAME="CHOICE_PARAM">=<TMPL_VAR NAME="key"></TMPL_IF>"><lang en="Reset my password" fr="R&eacute;initialiser mon mot de passe"/></a>
</p> </p>
</TMPL_IF> </TMPL_IF>
......
...@@ -12,6 +12,7 @@ ...@@ -12,6 +12,7 @@
<form action="#" method="post" class="login"> <form action="#" method="post" class="login">
<input type="hidden" name="skin" value="<TMPL_VAR NAME="SKIN">" />
<TMPL_IF NAME="CHOICE_VALUE"> <TMPL_IF NAME="CHOICE_VALUE">
<input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" /> <input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" />
</TMPL_IF> </TMPL_IF>
...@@ -50,6 +51,7 @@ ...@@ -50,6 +51,7 @@
<form action="#" method="post" class="login"> <form action="#" method="post" class="login">
<input type="hidden" name="skin" value="<TMPL_VAR NAME="SKIN">" />
<TMPL_IF NAME="CHOICE_VALUE"> <TMPL_IF NAME="CHOICE_VALUE">
<input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" /> <input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" />
</TMPL_IF> </TMPL_IF>
...@@ -85,6 +87,7 @@ ...@@ -85,6 +87,7 @@
<TMPL_IF NAME="DISPLAY_PASSWORD_FORM"> <TMPL_IF NAME="DISPLAY_PASSWORD_FORM">
<div id="password"> <div id="password">
<form action="#" method="post" class="password"> <form action="#" method="post" class="password">
<input type="hidden" name="skin" value="<TMPL_VAR NAME="SKIN">" />
<TMPL_IF NAME="CHOICE_VALUE"> <TMPL_IF NAME="CHOICE_VALUE">
<input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" /> <input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" />
</TMPL_IF> </TMPL_IF>
...@@ -139,7 +142,7 @@ ...@@ -139,7 +142,7 @@
</TMPL_IF> </TMPL_IF>
<div class="link"> <div class="link">
<a href="<TMPL_VAR NAME="PORTAL_URL">"> <a href="<TMPL_VAR NAME="PORTAL_URL">?skin=<TMPL_VAR NAME="SKIN">">
<lang en="Go back to portal" fr="Retourner au portail" /> <lang en="Go back to portal" fr="Retourner au portail" />
</a> </a>
</div> </div>
......
...@@ -43,7 +43,7 @@ ...@@ -43,7 +43,7 @@
<TMPL_IF NAME="DISPLAY_RESETPASSWORD"> <TMPL_IF NAME="DISPLAY_RESETPASSWORD">
<tr><td colspan="2"> <tr><td colspan="2">
<div class="buttons"> <div class="buttons">
<a class="positive" tabindex="5" href="<TMPL_VAR NAME="MAIL_URL"><TMPL_IF NAME="key">?<TMPL_VAR NAME="CHOICE_PARAM">=<TMPL_VAR NAME="key"></TMPL_IF>"> <a class="positive" tabindex="5" href="<TMPL_VAR NAME="MAIL_URL">?skin=<TMPL_VAR NAME="SKIN"><TMPL_IF NAME="key">&<TMPL_VAR NAME="CHOICE_PARAM">=<TMPL_VAR NAME="key"></TMPL_IF>">
<img src="<TMPL_VAR NAME="SKIN_PATH">/common/email.png" alt="" /> <img src="<TMPL_VAR NAME="SKIN_PATH">/common/email.png" alt="" />
<lang en="Reset my password" fr="R&eacute;initialiser mon mot de passe"/> <lang en="Reset my password" fr="R&eacute;initialiser mon mot de passe"/>
</a> </a>
......
...@@ -8,7 +8,7 @@ package Lemonldap::NG::Portal::MailReset; ...@@ -8,7 +8,7 @@ package Lemonldap::NG::Portal::MailReset;
use strict; use strict;
use warnings; use warnings;
our $VERSION = '1.4.2'; our $VERSION = '1.4.5';
use Lemonldap::NG::Portal::Simple qw(:all); use Lemonldap::NG::Portal::Simple qw(:all);
use base qw(Lemonldap::NG::Portal::SharedConf Exporter); use base qw(Lemonldap::NG::Portal::SharedConf Exporter);
...@@ -304,6 +304,7 @@ sub sendConfirmationMail { ...@@ -304,6 +304,7 @@ sub sendConfirmationMail {
# Build confirmation url # Build confirmation url
my $url = $self->{mailUrl} . "?mail_token=" . $self->{id}; my $url = $self->{mailUrl} . "?mail_token=" . $self->{id};
$url .= '&skin=' . $self->getSkin();
$url .= '&' . $self->{authChoiceParam} . '=' . $self->{_authChoice} $url .= '&' . $self->{authChoiceParam} . '=' . $self->{_authChoice}
if ( $self->{_authChoice} ); if ( $self->{_authChoice} );
......
...@@ -71,7 +71,7 @@ use Digest::MD5; ...@@ -71,7 +71,7 @@ use Digest::MD5;
#inherits Apache::Session #inherits Apache::Session
#link Lemonldap::NG::Common::Apache::Session::SOAP protected globalStorage #link Lemonldap::NG::Common::Apache::Session::SOAP protected globalStorage
our $VERSION = '1.4.4'; our $VERSION = '1.4.5';
use base qw(Lemonldap::NG::Common::CGI Exporter); use base qw(Lemonldap::NG::Common::CGI Exporter);
our @ISA; our @ISA;
...@@ -1417,6 +1417,13 @@ sub getSkin { ...@@ -1417,6 +1417,13 @@ sub getSkin {
} }
} }
# Check skin GET/POST parameter
my $skinParam = $self->param('skin');
if ( defined $skinParam && !$self->checkXSSAttack( 'skin', $skinParam ) ) {
$skin = $skinParam;
$self->lmLog( "Skin $skin selected from GET/POST parameter", 'debug' );
}
return $skin; return $skin;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment