author | benakamoorthi <benaka.moorthi@gmail.com> | 2012-10-22 08:29:38 +0400 |
committer | benakamoorthi <benaka.moorthi@gmail.com> | 2012-10-22 08:29:38 +0400 |
commit | 4f2ef166a698e3f583b623e76fdcdb9aaf8d1d81 (patch) | |
tree | c481bab8c91006df2456253e6a0027dd2d6aeb18 /plugins/UsersManager | |
parent | 893d016ae9afc5bb256be17481190eeaa257bf9e (diff) |
Refs #3080, added trusted host admin UI, display a warning in the login, normal and admin screens if the hostname is not trusted, and make sure a password reset is not possible if the hostname is not trusted.
git-svn-id: http://dev.piwik.org/svn/trunk@7279 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'plugins/UsersManager')
-rw-r--r-- | plugins/UsersManager/Controller.php | 7 | ||||
-rw-r--r-- | plugins/UsersManager/templates/userSettings.js | 16 | ||||
-rw-r--r-- | plugins/UsersManager/templates/userSettings.tpl | 8 |
3 files changed, 26 insertions, 5 deletions
diff --git a/plugins/UsersManager/Controller.php b/plugins/UsersManager/Controller.php
index 577a626371..0ec2b7cf6f 100644
--- a/plugins/UsersManager/Controller.php
+++ b/plugins/UsersManager/Controller.php
@@ -292,6 +292,13 @@ class Piwik_UsersManager_Controller extends Piwik_Controller_Admin
 $newPassword = $password;
 }
 
+ // UI disables password change on invalid host, but check here anyway
+ if (!Piwik_Url::isValidHost()
+ && $newPassword !== false)
+ {
+ throw new Exception("Cannot change password with untrusted hostname!");
+ }
+
 $userLogin = Piwik::getCurrentUserLogin();
 if(Piwik::isUserIsSuperUser())
 {
diff --git a/plugins/UsersManager/templates/userSettings.js b/plugins/UsersManager/templates/userSettings.js
index 9d91c0a6c7..ff67961942 100644
--- a/plugins/UsersManager/templates/userSettings.js
+++ b/plugins/UsersManager/templates/userSettings.js
@@ -21,8 +21,8 @@ function getUserSettingsAJAX()
 var ajaxRequest = piwikHelper.getStandardAjaxConf('ajaxLoadingUserSettings', 'ajaxErrorUserSettings', params);
 var alias = encodeURIComponent( $('#alias').val() );
 var email = encodeURIComponent( $('#email').val() );
- var password = encodeURIComponent( $('#password').val() );
- var passwordBis = encodeURIComponent( $('#passwordBis').val() );
+ var password = $('#password').val();
+ var passwordBis = $('#passwordBis').val();
 var defaultReport = $('input[name=defaultReport]:checked').val();
 if(defaultReport == 1) {
 defaultReport = $('#sitesSelectionSearch .custom_select_main_link').attr('siteid');
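Review bot: The new server-side guard in Controller.php throws a bare `Exception` with a hard-coded English string (`"Cannot change password with untrusted hostname!"`), while the template side of this same commit reports the condition through a translation key (`UsersManager_InjectedHostCannotChangePwd`); since this message reaches the user through the AJAX error path, it should go through the plugin's translation mechanism like the rest of the UI. The guard rejects only the password change and still lets alias and email updates through on an untrusted host; given that the commit description ties untrusted hosts to password reset and the email address is the reset channel, the comment above the check should state that this asymmetry is intentional, e.g. `// Only the password is gated here; alias/email changes are still accepted on an untrusted host`. The enclosing method starts and ends outside this hunk, so where `$newPassword` is set to `false` when no password was submitted is inferred from the `!== false` test, not visible here.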
@@ -33,8 +33,14 @@ function getUserSettingsAJAX()
 request += '&format=json';
 request += '&alias='+alias;
 request += '&email='+email;
- request += '&password='+password;
- request += '&passwordBis='+passwordBis;
+ if (password)
+ {
+ request += '&password='+encodeURIComponent(password);
+ }
+ if (passwordBis)
+ {
+ request += '&passwordBis='+encodeURIComponent(passwordBis);
+ }
 request += '&defaultReport='+defaultReport;
 request += '&defaultDate='+defaultDate;
 request += '&token_auth=' + piwik.token_auth;
@@ -66,7 +72,7 @@ $(document).ready( function() {
 var onValidate = function() {
 $.ajax( getUserSettingsAJAX() );
 }
- if($('#password').val() != '') {
+ if($('#password').length > 0 && $('#password').val() != '') {
 piwikHelper.modalConfirm( '#confirmPasswordChange', {yes: onValidate});
 } else {
 onValidate();
diff --git a/plugins/UsersManager/templates/userSettings.tpl b/plugins/UsersManager/templates/userSettings.tpl
index 2fe325a57e..bfb516ffff 100644
--- a/plugins/UsersManager/templates/userSettings.tpl
+++ b/plugins/UsersManager/templates/userSettings.tpl
@@ -58,6 +58,7 @@
 </td>
 </tr>
 
+{if isset($isValidHost) && $isValidHost}
 <tr>
 <td><label for="email">{'UsersManager_ChangePassword'|translate} </label></td>
 <td><input size="25" value="" autocomplete="off" id="password" type="password" />
@@ -66,7 +67,14 @@
 <span class='form-description'> {'UsersManager_TypeYourPasswordAgain'|translate}</span>
 </td>
 </tr>
+{/if}
 </table>
+{if !isset($isValidHost) || !$isValidHost}
+<div class="ajaxSuccess">
+ {'UsersManager_InjectedHostCannotChangePwd'|translate:$invalidHost} {if !$isSuperUser}{'UsersManager_EmailYourAdministrator'|translate:$invalidHostMailLinkStart:'</a>'}{/if}
+</div>
+<br/>
+{/if}
 {ajaxErrorDiv id=ajaxErrorUserSettings}
 {ajaxLoadingDiv id=ajaxLoadingUserSettings} |
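Review bot: The two new `if (password)` / `if (passwordBis)` blocks in the first userSettings.js hunk append the fields independently, so a form with `password` filled and `passwordBis` left empty now sends `&password=` with no `passwordBis` parameter at all, whereas before an empty `passwordBis=` was always sent; whether the controller treats an absent confirmation as a mismatch or as "no confirmation supplied" is not visible here and should be confirmed before relying on it. Guarding both appends with a single `if (password || passwordBis)` keeps the server-side comparison symmetric while still omitting both parameters when the inputs are absent from the page. The `getUserSettingsAJAX` function starts before this hunk.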
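Review bot: In the second userSettings.tpl hunk the warning branch `{if !isset($isValidHost) || !$isValidHost}` also fires when `$isValidHost` was never assigned, yet it then reads `$invalidHost`, `$isSuperUser` and `$invalidHostMailLinkStart` without any `isset` guard, so a render that lacks these variables (the controller assignments are not in this plugins/UsersManager-limited diffstat) shows the warning with an empty host and may emit notices. `$invalidHost` is by definition the untrusted Host value being reported and is emitted through `|translate:$invalidHost`; confirm that the view's default HTML escaping applies to modifier arguments, otherwise escape it explicitly before output. The message is also wrapped in `<div class="ajaxSuccess">` although it is a warning; a warning or error class would convey the state correctly.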