github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authorrobocoder <anthon.pang@gmail.com>2010-11-02 03:51:29 +0300
committerrobocoder <anthon.pang@gmail.com>2010-11-02 03:51:29 +0300
commit6c58b1295ffc368e9e0a34b08cc3cf192d882299 (patch)
tree468012c63e77b49a7617471455d80e2fd39c733f /plugins/UsersManager
parent9bb8815172fb77738be2de6166bb879e8bcd7b15 (diff)
fixes #1792 - unable to login with passwords containing html special chars
git-svn-id: http://dev.piwik.org/svn/trunk@3283 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'plugins/UsersManager')
-rw-r--r--plugins/UsersManager/API.php6
-rw-r--r--plugins/UsersManager/Controller.php6
-rw-r--r--plugins/UsersManager/templates/userSettings.js8
3 files changed, 14 insertions, 6 deletions
diff --git a/plugins/UsersManager/API.php b/plugins/UsersManager/API.php
index 23250b5430..5f25b59c30 100644
--- a/plugins/UsersManager/API.php
+++ b/plugins/UsersManager/API.php
@@ -311,9 +311,11 @@ class Piwik_UsersManager_API
$this->checkLogin($userLogin);
$this->checkUserIsNotSuperUser($userLogin);
- $this->checkPassword($password);
$this->checkEmail($email);
+ $password = Piwik_Common::unsanitizeInputValue($password);
+ $this->checkPassword($password);
+
$alias = $this->getCleanAlias($alias,$userLogin);
$passwordTransformed = $this->getCleanPassword($password);
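Review bot: The added `$password = Piwik_Common::unsanitizeInputValue($password);` assumes every caller passes an already-sanitized value, and nothing in the hunk documents or enforces that. If a caller supplies a raw password (from PHP code rather than a sanitized request variable), a literal sequence such as `&amp;` would presumably be decoded a second time, and the stored hash would no longer match what the user types at login. A comment above the line would make the contract explicit, e.g. `// $password arrives entity-encoded from request sanitization; decode exactly once so the hash matches the login form`. The same applies to the identical line added in the else branch of the third hunk of this file. The enclosing method starts and ends outside the hunk.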
@@ -333,7 +335,6 @@ class Piwik_UsersManager_API
// we reload the access list which doesn't yet take in consideration this new user
Zend_Registry::get('access')->reloadAccess();
-
}
/**
@@ -357,6 +358,7 @@ class Piwik_UsersManager_API
}
else
{
+ $password = Piwik_Common::unsanitizeInputValue($password);
$this->checkPassword($password);
$password = $this->getCleanPassword($password);
}
diff --git a/plugins/UsersManager/Controller.php b/plugins/UsersManager/Controller.php
index 5ae2c9c572..a7cb542500 100644
--- a/plugins/UsersManager/Controller.php
+++ b/plugins/UsersManager/Controller.php
@@ -264,8 +264,10 @@ class Piwik_UsersManager_Controller extends Piwik_Controller
{
$superUser = Zend_Registry::get('config')->superuser;
$updatedSuperUser = false;
+
if($newPassword !== false)
{
+ $newPassword = Piwik_Common::unsanitizeInputValue($newPassword);
$md5PasswordSuperUser = md5($newPassword);
$superUser->password = $md5PasswordSuperUser;
$updatedSuperUser = true;
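Review bot: The decoded password still goes straight into `md5($newPassword)` on the next line, an unsalted fast hash whose result is assigned to the superuser config entry. This is existing behaviour and cannot be changed in this hunk alone, because the login comparison (not visible here) has to agree on the format. It is still worth marking next to the decode, e.g. `// NOTE(security): unsalted MD5; replace together with the login comparison`. The enclosing method starts and ends outside the hunk.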
@@ -283,6 +285,10 @@ class Piwik_UsersManager_Controller extends Piwik_Controller
else
{
Piwik_UsersManager_API::getInstance()->updateUser($userLogin, $newPassword, $email, $alias);
+ if($newPassword !== false)
+ {
+ $newPassword = Piwik_Common::unsanitizeInputValue($newPassword);
+ }
}
// logs the user in with the new password
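Review bot: The position of the added decode after the `updateUser()` call matters but is undocumented. `updateUser()` now decodes its own argument (see the API.php change), so the controller has to pass the still-encoded value and decode its copy only afterwards, for the login that follows. Moving the block above the call would decode twice and store a hash of a different string for any password containing entity-like text. A comment would pin the order, e.g. `// decode after updateUser(): the API decodes its own copy; this one is for the login below`. The superuser branch in the previous hunk decodes before use, so the two branches read asymmetrically; the method continues outside the hunk.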
diff --git a/plugins/UsersManager/templates/userSettings.js b/plugins/UsersManager/templates/userSettings.js
index dd64ac7e54..22a2e82304 100644
--- a/plugins/UsersManager/templates/userSettings.js
+++ b/plugins/UsersManager/templates/userSettings.js
@@ -17,10 +17,10 @@ function getUserSettingsAJAX()
}
var ajaxRequest = piwikHelper.getStandardAjaxConf('ajaxLoadingUserSettings', 'ajaxErrorUserSettings', params);
- var alias = $('#alias').val();
- var email = $('#email').val();
- var password = $('#password').val();
- var passwordBis = $('#passwordBis').val();
+ var alias = encodeURIComponent( $('#alias').val() );
+ var email = encodeURIComponent( $('#email').val() );
+ var password = encodeURIComponent( $('#password').val() );
+ var passwordBis = encodeURIComponent( $('#passwordBis').val() );
var defaultReport = $('input[name=defaultReport]:checked').val();
if(defaultReport == 1) {
defaultReport = $('#defaultReportWebsite option:selected').val();
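Review bot: Whether the four added `encodeURIComponent(...)` calls are correct depends on how the values are joined into the request, and that code is outside the hunk. If they are concatenated by hand into a query or body string, the encoding is needed. If they are passed to jQuery as a data object, jQuery would encode them again and the server would hash a percent-escaped password. A short comment such as `// values are concatenated into the request string below, so encode here` would record the assumption. `defaultReport` is left unencoded; it comes from fixed radio/select values, so this is probably harmless, but encoding it as well would keep the block consistent.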