author | robocoder <anthon.pang@gmail.com> | 2010-11-02 03:51:29 +0300 |
---|---|---|
committer | robocoder <anthon.pang@gmail.com> | 2010-11-02 03:51:29 +0300 |
commit | 6c58b1295ffc368e9e0a34b08cc3cf192d882299 (patch) | |
tree | 468012c63e77b49a7617471455d80e2fd39c733f /plugins/UsersManager | |
parent | 9bb8815172fb77738be2de6166bb879e8bcd7b15 (diff) |
fixes #1792 - unable to login with passwords containing html special chars
git-svn-id: http://dev.piwik.org/svn/trunk@3283 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'plugins/UsersManager')
-rw-r--r-- | plugins/UsersManager/API.php | 6 | ||||
-rw-r--r-- | plugins/UsersManager/Controller.php | 6 | ||||
-rw-r--r-- | plugins/UsersManager/templates/userSettings.js | 8 |
3 files changed, 14 insertions, 6 deletions
diff --git a/plugins/UsersManager/API.php b/plugins/UsersManager/API.php index 23250b5430..5f25b59c30 100644 --- a/plugins/UsersManager/API.php +++ b/plugins/UsersManager/API.php @@ -311,9 +311,11 @@ class Piwik_UsersManager_API $this->checkLogin($userLogin); $this->checkUserIsNotSuperUser($userLogin); - $this->checkPassword($password); $this->checkEmail($email); + $password = Piwik_Common::unsanitizeInputValue($password); + $this->checkPassword($password); + $alias = $this->getCleanAlias($alias,$userLogin); $passwordTransformed = $this->getCleanPassword($password); @@ -333,7 +335,6 @@ class Piwik_UsersManager_API // we reload the access list which doesn't yet take in consideration this new user Zend_Registry::get('access')->reloadAccess(); - } /** @@ -357,6 +358,7 @@ class Piwik_UsersManager_API } else { + $password = Piwik_Common::unsanitizeInputValue($password); $this->checkPassword($password); $password = $this->getCleanPassword($password); } diff --git a/plugins/UsersManager/Controller.php b/plugins/UsersManager/Controller.php index 5ae2c9c572..a7cb542500 100644 --- a/plugins/UsersManager/Controller.php +++ b/plugins/UsersManager/Controller.php @@ -264,8 +264,10 @@ class Piwik_UsersManager_Controller extends Piwik_Controller { $superUser = Zend_Registry::get('config')->superuser; $updatedSuperUser = false; + if($newPassword !== false) { + $newPassword = Piwik_Common::unsanitizeInputValue($newPassword); $md5PasswordSuperUser = md5($newPassword); $superUser->password = $md5PasswordSuperUser; $updatedSuperUser = true; @@ -283,6 +285,10 @@ class Piwik_UsersManager_Controller extends Piwik_Controller else { Piwik_UsersManager_API::getInstance()->updateUser($userLogin, $newPassword, $email, $alias); + if($newPassword !== false) + { + $newPassword = Piwik_Common::unsanitizeInputValue($newPassword); + } } // logs the user in with the new password 
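Review bot: Decoding the password inside `addUser()` (and again in the `updateUser()` hunk at -357) assumes every caller hands over an HTML-sanitized value. If `unsanitizeInputValue()` reverses entity encoding, as its name suggests, a caller that passes a raw password containing an entity-like sequence such as `&amp;` would have a different string hashed than the one the user typed. The docblock should state that contract, e.g. `@param string $password password as received from the request, still HTML-sanitized; decoded here before validation and hashing`. The login path is not part of this diff, so it is worth confirming that it applies the same decoding before comparing hashes; otherwise accounts written through this code cannot authenticate. Both function bodies start and end outside the hunks shown.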
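Review bot: In the super-user branch (Controller.php hunk at -264) the decoded `$newPassword` goes straight into `md5()` with no `checkPassword()` call visible, so that branch may skip the validation the API applies to regular users; the function starts outside the hunk, so confirm whether validation happens earlier. In the hunk at -283 the decode is only correct because it sits after `updateUser()`, which decodes the value itself; moving it above the call would decode the password twice. A comment would pin that down: `// updateUser() decodes the password itself; decode here only for the login call below`. Decoding once where `$newPassword` is first read would remove the ordering dependency between the two branches.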
diff --git a/plugins/UsersManager/templates/userSettings.js b/plugins/UsersManager/templates/userSettings.js
index dd64ac7e54..22a2e82304 100644
--- a/plugins/UsersManager/templates/userSettings.js
+++ b/plugins/UsersManager/templates/userSettings.js
@@ -17,10 +17,10 @@ function getUserSettingsAJAX()
 }
 var ajaxRequest = piwikHelper.getStandardAjaxConf('ajaxLoadingUserSettings', 'ajaxErrorUserSettings', params);
- var alias = $('#alias').val();
- var email = $('#email').val();
- var password = $('#password').val();
- var passwordBis = $('#passwordBis').val();
+ var alias = encodeURIComponent( $('#alias').val() );
+ var email = encodeURIComponent( $('#email').val() );
+ var password = encodeURIComponent( $('#password').val() );
+ var passwordBis = encodeURIComponent( $('#passwordBis').val() );
 var defaultReport = $('input[name=defaultReport]:checked').val();
 if(defaultReport == 1) {
 defaultReport = $('#defaultReportWebsite option:selected').val(); |
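Review bot: The four values are now percent-encoded by hand while `defaultReport` just below is still used unencoded, and the hunk does not show how any of them reach `ajaxRequest`. If they are later passed as a data object rather than concatenated into a string, jQuery would encode them a second time and a password containing `%` or `&` would be stored incorrectly. A comment at the first changed line would record the assumption, e.g. `// encoded here because the values are concatenated into the request string below`. If that string ends up in the URL rather than the POST body, the password would also be written to web-server access logs, so it is worth confirming the request type set by `getStandardAjaxConf()`. `getUserSettingsAJAX()` continues past the end of the hunk.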