diff options
author | Stefan Giehl <stefan@matomo.org> | 2021-10-27 17:41:04 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-27 17:41:04 +0300 |
commit | 1e004044e95eec60906f6ba691f8a6f050074adf (patch) | |
tree | 816ac6b3641193f2e9cb6c488e516ffe9f2da26c /plugins/Login | |
parent | 88cbc95b7c96e13d67cc35b88f43f8e6c81dc571 (diff) |
Always remove hash part from URL when detecting the script name (#18204)
* Always remove hash part from URL when detecting the script name
* use mb_ string methods
* also escape ip
* fix login ui test
Diffstat (limited to 'plugins/Login')
-rw-r--r-- | plugins/Login/PasswordResetter.php | 2 | ||||
-rw-r--r-- | plugins/Login/tests/UI/Login_spec.js | 5 |
2 files changed, 5 insertions, 2 deletions
diff --git a/plugins/Login/PasswordResetter.php b/plugins/Login/PasswordResetter.php index b71b846a1b..db93ddc2b9 100644 --- a/plugins/Login/PasswordResetter.php +++ b/plugins/Login/PasswordResetter.php @@ -446,7 +446,7 @@ class PasswordResetter $bodyText = '<p>' . str_replace( "\n\n", "</p><p>", - Piwik::translate('Login_MailPasswordChangeBody2', [Common::sanitizeInputValue($login), $ip, $url]) + Piwik::translate('Login_MailPasswordChangeBody2', [Common::sanitizeInputValue($login), Common::sanitizeInputValue($ip), Common::sanitizeInputValue($url)]) ) . "</p>"; $mail->setWrappedHtmlBody($bodyText); diff --git a/plugins/Login/tests/UI/Login_spec.js b/plugins/Login/tests/UI/Login_spec.js index 968bea18eb..dbbb4f326a 100644 --- a/plugins/Login/tests/UI/Login_spec.js +++ b/plugins/Login/tests/UI/Login_spec.js @@ -162,6 +162,9 @@ describe("Login", function () { throw new Error(`Could not find reset URL in email, captured mail info: ${fileContents}`) } resetUrl = resetUrl[0].replace(/<\/p>$/, ''); + resetUrl = await page.evaluate((resetUrl) => { + return piwikHelper.htmlDecode(resetUrl); + }, resetUrl); await page.goto(resetUrl); await page.waitForNetworkIdle(); @@ -291,4 +294,4 @@ describe("Login", function () { expect(await page.getWholeCurrentUrl()).to.equal("https://matomo.org/security/"); }); -});
\ No newline at end of file +}); |