-rw-r--r--core/Controller.php73
-rw-r--r--core/Url.php50
-rw-r--r--lang/en.php12
-rw-r--r--plugins/CoreAdminHome/Controller.php17
-rw-r--r--plugins/CoreAdminHome/templates/generalSettings.js53
-rw-r--r--plugins/CoreAdminHome/templates/generalSettings.tpl28
-rw-r--r--plugins/CoreAdminHome/templates/header.tpl7
-rw-r--r--plugins/CoreAdminHome/templates/styles.css19
-rw-r--r--plugins/CoreHome/templates/index.tpl7
-rw-r--r--plugins/Login/Controller.php1
-rw-r--r--plugins/Login/templates/login.tpl13
-rw-r--r--plugins/UsersManager/Controller.php7
-rw-r--r--plugins/UsersManager/templates/userSettings.js16
-rw-r--r--plugins/UsersManager/templates/userSettings.tpl8
14 files changed, 293 insertions, 18 deletions
diff --git a/core/Controller.php b/core/Controller.php
index 9dfaf11842..1d9537b3ce 100644
--- a/core/Controller.php
+++ b/core/Controller.php
@@ -480,6 +480,79 @@ abstract class Piwik_Controller
{
$view->setXFrameOptions('sameorigin');
}
+
+ self::setHostValidationVariablesView($view);
+ }
+
+ /**
+ * Checks if the current host is valid and sets variables on the given view, including:
+ *
+ * isValidHost - true if host is valid, false if otherwise
+ * invalidHostMessage - message to display if host is invalid (only set if host is invalid)
+ * invalidHost - the invalid hostname (only set if host is invalid)
+ * mailLinkStart - the open tag of a link to email the super user of this problem (only set
+ * if host is invalid)
+ */
+ public static function setHostValidationVariablesView( $view )
+ {
+ // check if host is valid
+ $view->isValidHost = Piwik_Url::isValidHost();
+ if (!$view->isValidHost)
+ {
+ // invalid host, so display warning to user
+ $validHost = Piwik_Config::getInstance()->General['trusted_hosts'][0];
+ $invalidHost = $_SERVER['HTTP_HOST'];
+
+ $emailSubject = rawurlencode(Piwik_Translate('CoreHome_InjectedHostEmailSubject', $invalidHost));
+ $emailBody = rawurlencode(Piwik_Translate('CoreHome_InjectedHostEmailBody'));
+ $superUserEmail = Piwik::getSuperUserEmail();
+
+ $mailToUrl = "mailto:$superUserEmail?subject=$emailSubject&body=$emailBody";
+ $mailLinkStart = "<a href=\"$mailToUrl\">";
+
+ $invalidUrl = Piwik_Url::getCurrentUrlWithoutQueryString($checkIfTrusted = false);
+ $validUrl = Piwik_Url::getCurrentScheme() . '://' . $validHost
+ . Piwik_Url::getCurrentScriptName();
+
+ $validLink = "<a href=\"$validUrl\">$validUrl</a>";
+ $changeTrustedHostsUrl = "index.php"
+ . Piwik_Url::getCurrentQueryStringWithParametersModified(array(
+ 'module' => 'CoreAdminHome',
+ 'action' => 'generalSettings'
+ ))
+ . "#trustedHostsSection";
+
+ $warningStart = Piwik_Translate('CoreHome_InjectedHostWarningIntro', array(
+ '<strong>'.$invalidUrl.'</strong>',
+ '<strong>'.$validUrl.'</strong>'
+ ));
+
+ if (Piwik::isUserIsSuperUser())
+ {
+ $view->invalidHostMessage = $warningStart . ' '
+ . Piwik_Translate('CoreHome_InjectedHostSuperUserWarning', array(
+ "<a href=\"$changeTrustedHostsUrl\">",
+ $invalidHost,
+ '</a>',
+ "<a href=\"$validUrl\">",
+ $validHost,
+ '</a>'
+ ));
+ }
+ else
+ {
+ $view->invalidHostMessage = $warningStart . ' '
+ . Piwik_Translate('CoreHome_InjectedHostNonSuperUserWarning', array(
+ "<a href=\"$validUrl\">",
+ '</a>',
+ $mailLinkStart,
+ '</a>'
+ ));
+ }
+
+ $view->invalidHost = $invalidHost; // for UserSettings warning
+ $view->invalidHostMailLinkStart = $mailLinkStart;
+ }
}
/**
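Review bot: `$invalidHost = $_SERVER['HTTP_HOST'];` takes the rejected Host header verbatim and then places it in link text for the super-user warning and exports it as `$view->invalidHost`, whereas the same value reaching `$invalidUrl` goes through `getCurrentHost()` and therefore `Piwik_Common::sanitizeInputValue()`. This branch only runs for hosts that failed validation, which by the character rule in `Piwik_Url::isValidHost` includes values containing `<`, `"` or `'`, so unless the view layer escapes on output (nothing in the diff shows that) the raw header lands in HTML. I would sanitize it once at the top of the branch, `$invalidHost = Piwik_Common::sanitizeInputValue($_SERVER['HTTP_HOST']);`, and likewise pass `$superUserEmail` through the same helper before building the `mailto:` href. The method that the new `self::setHostValidationVariablesView($view);` call is appended to starts outside the hunk.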
diff --git a/core/Url.php b/core/Url.php
index 760c5c00a6..62820193d2 100644
--- a/core/Url.php
+++ b/core/Url.php
@@ -19,6 +19,11 @@
class Piwik_Url
{
/**
+ * List of hosts that are never checked for validity.
+ */
+ private static $alwaysTrustedHosts = array('localhost' => true, '127.0.0.1' => true);
+
+ /**
* If current URL is "http://example.org/dir1/dir2/index.php?param1=value1&param2=value2"
* will return "http://example.org/dir1/dir2/index.php?param1=value1&param2=value2"
*
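Review bot: The docblock on `$alwaysTrustedHosts` should state what the whitelist costs and how it is matched, since the lookup at the call site (`isset(self::$alwaysTrustedHosts[$host])` later in this file) is done on the raw Host header value. Suggested wording: `Hosts that skip the trusted-host check. Matched verbatim against the Host header, so "localhost:8080" or "[::1]" still go through the normal check, and any client able to make the server accept exactly these values is trusted.`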
@@ -36,12 +41,14 @@ class Piwik_Url
* If current URL is "http://example.org/dir1/dir2/index.php?param1=value1&param2=value2"
* will return "http://example.org/dir1/dir2/index.php"
*
+ * @param bool $checkTrustedHost Whether to do trusted host check. Should ALWAYS be true,
+ * except in Piwik_Controller.
* @return string
*/
- static public function getCurrentUrlWithoutQueryString()
+ static public function getCurrentUrlWithoutQueryString( $checkTrustedHost = true )
{
return self::getCurrentScheme() . '://'
- . self::getCurrentHost()
+ . self::getCurrentHost($checkTrustedHost)
. self::getCurrentScriptName();
}
@@ -162,13 +169,32 @@ class Piwik_Url
/**
* Validate "Host" (untrusted user input)
*
- * @param string $host Contents of Host: header from Request
- * @param array $trustedHosts An array of trusted hosts
+ * @param string|false $host Contents of Host: header from Request. If false, gets the
+ * value from the request.
*
* @return boolean True if valid; false otherwise
*/
- static public function isValidHost($host, $trustedHosts)
+ static public function isValidHost($host = false)
{
+ if ($host === false)
+ {
+ $host = $_SERVER['HTTP_HOST'];
+
+ if (empty($host)) // if no current host, assume valid
+ {
+ return true;
+ }
+ }
+
+ $trustedHosts = @Piwik_Config::getInstance()->General['trusted_hosts'];
+
+ // if no trusted hosts or host is in hardcoded whitelist, just assume it's valid
+ if (empty($trustedHosts)
+ || isset(self::$alwaysTrustedHosts[$host]))
+ {
+ return true;
+ }
+
// Only punctuation we allow is '[', ']', ':', '.' and '-'
$hostLength = Piwik_Common::strlen($host);
if ($hostLength !== strcspn($host, '`~!@#$%^&*()_+={}\\|;"\'<>,?/ '))
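Review bot: `$host = $_SERVER['HTTP_HOST'];` on the new default path raises an undefined-index notice when no Host header is present (CLI, HTTP/1.0 clients) before the `empty()` guard can run; `$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';` keeps the intended fail-open without the notice. Both that path and `empty($trustedHosts)` treat a missing value as "valid", which is defensible as a fallback but deserves a comment saying so, because an empty `trusted_hosts` list written by the new settings page silently turns the check off. The rest of isValidHost continues past the hunk.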
@@ -185,15 +211,17 @@ class Piwik_Url
/**
* Get host
*
+ * @param bool $checkIfTrusted Whether to do trusted host check. Should ALWAYS be true,
+ * except in Piwik_Controller.
* @return string|false
*/
- static public function getHost()
+ static public function getHost( $checkIfTrusted = true )
{
// HTTP/1.1 request
if (isset($_SERVER['HTTP_HOST'])
&& strlen($host = $_SERVER['HTTP_HOST'])
- && (!($trustedHosts = @Piwik_Config::getInstance()->General['trusted_hosts'])
- || self::isValidHost($host, $trustedHosts)))
+ && (!$checkIfTrusted
+ || self::isValidHost($host)))
{
return $host;
}
@@ -211,10 +239,12 @@ class Piwik_Url
* If current URL is "http://example.org/dir1/dir2/index.php?param1=value1&param2=value2"
* will return "example.org"
*
+ * @param bool $checkTrustedHost Whether to do trusted host check. Should ALWAYS be true,
+ * except in Piwik_Controller.
* @param string $default Default value to return if host unknown
* @return string
*/
- static public function getCurrentHost($default = 'unknown')
+ static public function getCurrentHost($checkTrustedHost = true, $default = 'unknown')
{
$hostHeaders = @Piwik_Config::getInstance()->General['proxy_host_headers'];
if(!is_array($hostHeaders))
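Review bot: Inserting `$checkTrustedHost` ahead of the existing `$default` parameter breaks every caller that already passes a default: `getCurrentHost('example.org')` now sends that string as the trust flag (truthy, so the check still runs) and silently falls back to `'unknown'`. Appending the new parameter instead, `static public function getCurrentHost($default = 'unknown', $checkTrustedHost = true)`, keeps those call sites correct, with the docblock order adjusted to match. The body of getCurrentHost continues in the next hunk.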
@@ -222,7 +252,7 @@ class Piwik_Url
$hostHeaders = array();
}
- $host = self::getHost();
+ $host = self::getHost($checkTrustedHost);
$default = Piwik_Common::sanitizeInputValue($host ? $host : $default);
return Piwik_IP::getNonProxyIpFromHeader($default, $hostHeaders);
diff --git a/lang/en.php b/lang/en.php
index ec1c364a9d..42ed5730b5 100644
--- a/lang/en.php
+++ b/lang/en.php
@@ -347,6 +347,8 @@ $translations = array(
'General_Installed' => 'Installed',
'General_Broken' => 'Broken',
'General_InfoFor' => 'Info for %s',
+ 'General_Hostname' => 'Hostname',
+ 'General_Add' => 'Add',
'Actions_PluginDescription' => 'Reports about the page views, the outlinks and downloads. Outlinks and Downloads tracking is automatic! You can also track your internal website\'s Search Engine.',
'Actions_Actions' => 'Actions',
'Actions_SubmenuPages' => 'Pages',
@@ -444,6 +446,14 @@ $translations = array(
'CoreAdminHome_LogoUpload' => 'Select a Logo to upload',
'CoreAdminHome_LogoUploadDescription' => 'Please upload a file in %s formats, no transparent background, with a minimum height of %s pixels.',
'CoreAdminHome_LogoNotWriteable' => 'To use a custom logo Piwik requires write access to the logo files within the themes directory: %s',
+ 'CoreAdminHome_TrustedHostSettings' => 'Trusted Host Settings',
+ 'CoreAdminHome_TrustedHostConfirm' => 'Are you sure you want to change the trusted hostnames?',
+ 'CoreAdminHome_TrustedHostSettingsDesc' => 'Trusted hosts are hostnames Piwik expects to see in the Host HTTP header. Hackers can send fake hostnames to direct users to their own servers. By checking the Host header with a list of trusted hosts, Piwik protects you from this type of attack.',
+ 'CoreHome_InjectedHostWarningIntro' => 'You are now accessing Piwik from %1$s, but Piwik has been configured to run at this address: %2$s.',
+ 'CoreHome_InjectedHostSuperUserWarning' => 'Piwik may be misconfigured (for example, if Piwik was recently moved to a new server or URL). You can either %1$suse %2$s as the valid Piwik hostname%3$s, or %4$sgo to %5$s to access Piwik safely%6$s.',
+ 'CoreHome_InjectedHostNonSuperUserWarning' => '%1$sClick here to access Piwik safely%2$s and remove this warning. You may also want to contact your Piwik administrator and notify them about this issue (%3$sclick here to email%4$s).',
+ 'CoreHome_InjectedHostEmailSubject' => 'Encountered injected hostname: %s',
+ 'CoreHome_InjectedHostEmailBody' => 'Hello, I tried to access Piwik today and encountered an injected hostname.',
'PrivacyManager_TeaserHeadline' => 'Privacy Settings',
'PrivacyManager_Teaser' => 'On this page, you can customize Piwik to make it privacy compliant with existing legislations, by: %s anonymizing the visitor IP%s, %s automatically remove old visitor logs from the database%s, and %s providing an Opt-out mechanism for your website%s.',
'PrivacyManager_MenuPrivacySettings' => 'Privacy',
@@ -1605,6 +1615,8 @@ And thank you for using Piwik!',
'UsersManager_ExceptionUserDoesNotExist' => 'User \'%s\' doesn\'t exist.',
'UsersManager_ExceptionAccessValues' => 'The parameter access must have one of the following values : [ %s ]',
'UsersManager_ExceptionPasswordMD5HashExpected' => 'UsersManager.getTokenAuth is expecting a MD5-hashed password (32 chars long string). Please call the md5() function on the password before calling this method.',
+ 'UsersManager_InjectedHostCannotChangePwd' => 'You are currently visiting with an injected host (%1$s). You cannot change your password until this problem is fixed.',
+ 'UsersManager_EmailYourAdministrator' => '%1$sE-mail your administrator about this problem%2$s.',
'VisitFrequency_PluginDescription' => 'Reports various statistics about the Returning Visitor versus the First time visitor.',
'VisitFrequency_Evolution' => 'Evolution over the period',
'VisitFrequency_ColumnReturningVisits' => 'Returning Visits',
diff --git a/plugins/CoreAdminHome/Controller.php b/plugins/CoreAdminHome/Controller.php
index f235239436..cd9c141d95 100644
--- a/plugins/CoreAdminHome/Controller.php
+++ b/plugins/CoreAdminHome/Controller.php
@@ -54,6 +54,13 @@ class Piwik_CoreAdminHome_Controller extends Piwik_Controller_Admin
$directoryWritable = is_writable(PIWIK_DOCUMENT_ROOT.'/themes/');
$logoFilesWriteable = is_writeable(PIWIK_DOCUMENT_ROOT.'/themes/logo.png') && is_writeable(PIWIK_DOCUMENT_ROOT.'/themes/logo-header.png');
$view->logosWriteable = ($logoFilesWriteable || $directoryWritable) && ini_get('file_uploads') == 1;
+
+ $trustedHosts = array();
+ if (isset(Piwik_Config::getInstance()->General['trusted_hosts']))
+ {
+ $trustedHosts = Piwik_Config::getInstance()->General['trusted_hosts'];
+ }
+ $view->trustedHosts = $trustedHosts;
}
$view->language = Piwik_LanguagesManager::getLanguageCodeForCurrentUser();
@@ -90,7 +97,15 @@ class Piwik_CoreAdminHome_Controller extends Piwik_Controller_Admin
$branding = Piwik_Config::getInstance()->branding;
$branding['use_custom_logo'] = Piwik_Common::getRequestVar('useCustomLogo', '0');
Piwik_Config::getInstance()->branding = $branding;
-
+
+ // update trusted host settings
+ $trustedHosts = Piwik_Common::getRequestVar('trustedHosts', false, 'json');
+ if ($trustedHosts !== false)
+ {
+ $trustedHosts = array_filter($trustedHosts);
+ Piwik_Config::getInstance()->General['trusted_hosts'] = $trustedHosts;
+ }
+
Piwik_Config::getInstance()->forceSave();
$toReturn = $response->getResponse();
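Review bot: The list decoded from `getRequestVar('trustedHosts', false, 'json')` is written to `General['trusted_hosts']` after nothing more than `array_filter`: there is no check that the value is an array of strings or that each entry looks like a hostname, yet the first entry later becomes `$validHost` and is emitted into a link by Piwik_Controller. An empty list (every row removed in the UI) is stored as-is, and `isValidHost` treats an empty `trusted_hosts` as "all hosts valid", so the protection can be disabled from this form without any warning; `array_filter` also preserves keys, so a sparse array may be saved. I would require `is_array`, keep only non-empty strings that pass the same punctuation rule `isValidHost` applies, reindex, and refuse to save an empty list. The enclosing action starts and ends outside the hunk.
```php
// update trusted host settings
$trustedHosts = Piwik_Common::getRequestVar('trustedHosts', false, 'json');
if (is_array($trustedHosts))
{
    $validatedHosts = array();
    foreach ($trustedHosts as $host)
    {
        // same punctuation rule Piwik_Url::isValidHost applies; drop anything else
        if (is_string($host)
            && strlen($host) > 0
            && strlen($host) === strcspn($host, '`~!@#$%^&*()_+={}\\|;"\'<>,?/ '))
        {
            $validatedHosts[] = $host;
        }
    }
    if (empty($validatedHosts))
    {
        throw new Exception("At least one trusted host must be configured.");
    }
    Piwik_Config::getInstance()->General['trusted_hosts'] = $validatedHosts;
}
// … unchanged: forceSave() and response handling …
```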
diff --git a/plugins/CoreAdminHome/templates/generalSettings.js b/plugins/CoreAdminHome/templates/generalSettings.js
index 62c0b10344..c9467ce850 100644
--- a/plugins/CoreAdminHome/templates/generalSettings.js
+++ b/plugins/CoreAdminHome/templates/generalSettings.js
@@ -25,6 +25,12 @@ function getGeneralSettingsAJAX()
request += '&mailPassword=' + encodeURIComponent($('#mailPassword').val());
request += '&mailEncryption=' + $('#mailEncryption').val();
request += '&useCustomLogo=' + isCustomLogoEnabled();
+
+ var trustedHosts = [];
+ $('input[name=trusted_host]').each(function () {
+ trustedHosts.push($(this).val());
+ });
+ request += '&trustedHosts=' + encodeURIComponent(JSON.stringify(trustedHosts));
ajaxRequest.data = request;
return ajaxRequest;
}
@@ -54,10 +60,38 @@ function refreshCustomLogo() {
}
$(document).ready( function() {
+ var originalTrustedHostCount = $('input[name=trusted_host]').length;
+
showSmtpSettings(isSmtpEnabled());
showCustomLogoSettings(isCustomLogoEnabled());
$('#generalSettingsSubmit').click( function() {
- $.ajax( getGeneralSettingsAJAX() );
+ var doSubmit = function()
+ {
+ $.ajax( getGeneralSettingsAJAX() );
+ };
+
+ var hasTrustedHostsChanged = false,
+ hosts = $('input[name=trusted_host]');
+ if (hosts.length != originalTrustedHostCount)
+ {
+ hasTrustedHostsChanged = true;
+ }
+ else
+ {
+ hosts.each(function() {
+ hasTrustedHostsChanged |= this.defaultValue != this.value;
+ });
+ }
+
+ // if trusted hosts have changed, make sure to ask for confirmation
+ if (hasTrustedHostsChanged)
+ {
+ piwikHelper.modalConfirm('#confirmTrustedHostChange', {yes: doSubmit});
+ }
+ else
+ {
+ doSubmit();
+ }
});
$('input[name=mailUseSmtp]').click(function(){
@@ -90,4 +124,21 @@ $(document).ready( function() {
});
$('#customLogo').change(function(){$("#logoUploadForm").submit()});
+
+ // trusted hosts event handling
+ $('#trustedHostSettings .adminTable').on('click', '.remove-trusted-host', function(e) {
+ e.preventDefault();
+ $(this).parent().parent().remove();
+ return false;
+ });
+ $('#trustedHostSettings .add-trusted-host').click(function(e) {
+ e.preventDefault();
+
+ // append new row to the table
+ $('#trustedHostSettings tbody').append('<tr>'
+ + '<td><input name="trusted_host" type="text" value=""/></td>'
+ + '<td><a href="#" class="remove-trusted-host">x</a></td>'
+ + '</tr>');
+ return false;
+ });
});
diff --git a/plugins/CoreAdminHome/templates/generalSettings.tpl b/plugins/CoreAdminHome/templates/generalSettings.tpl
index 9471d7e8e2..c2c527cf40 100644
--- a/plugins/CoreAdminHome/templates/generalSettings.tpl
+++ b/plugins/CoreAdminHome/templates/generalSettings.tpl
@@ -136,6 +136,34 @@
</tr>
</table>
</div>
+
+<div class="ui-confirm" id="confirmTrustedHostChange">
+ <h2>{'CoreAdminHome_TrustedHostConfirm'|translate}</h2>
+ <input role="yes" type="button" value="{'General_Yes'|translate}" />
+ <input role="no" type="button" value="{'General_No'|translate}" />
+</div>
+
+<h2 id="trustedHostsSection">{'CoreAdminHome_TrustedHostSettings'|translate}</h2>
+<div id='trustedHostSettings'>
+<p>{'CoreAdminHome_TrustedHostSettingsDesc'|translate}</p>
+<table class="adminTable">
+ <tr>
+ <th style="width:250px">{'General_Hostname'|translate}</th>
+ <th style="width:10px">&nbsp;</th>
+ </tr>
+ {foreach from=$trustedHosts item=host key=hostIdx}
+ <tr>
+ <td><input name="trusted_host" type="text" value="{$host}"/></td>
+ <td>
+ <a href="#" class="remove-trusted-host">x</a>
+ </td>
+ </tr>
+ {/foreach}
+</table>
+<div class="adminTable add-trusted-host-container">
+ <a href="#" class="add-trusted-host"><em>{'General_Add'|translate}</em></a>
+</div>
+</div>
<div id='logoSettings'>
{capture assign=giveUsFeedbackText}"{'General_GiveUsYourFeedback'|translate}"{/capture}
{capture assign=customLogoHelp}
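Review bot: `value="{$host}"` in the trusted-hosts loop places the configured hostname into an attribute without `|escape`; a stored value containing `"` would break out of the attribute unless Smarty auto-escaping is enabled for these templates, which nothing in the diff shows. The values are written by the super user, so this is defence-in-depth rather than a direct injection path, but `value="{$host|escape:'html'}"` costs nothing and matters more if the controller keeps saving the list unvalidated.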
diff --git a/plugins/CoreAdminHome/templates/header.tpl b/plugins/CoreAdminHome/templates/header.tpl
index ddab2847f3..a4dcea6eea 100644
--- a/plugins/CoreAdminHome/templates/header.tpl
+++ b/plugins/CoreAdminHome/templates/header.tpl
@@ -55,6 +55,13 @@
<input role="no" type="button" value="{'General_Ok'|translate}" />
</div>
+{* untrusted host warning *}
+{if isset($isValidHost) && isset($invalidHostMessage) && !$isValidHost}
+<div class="ajaxSuccess">
+ <strong>{'General_Warning'|translate}:&nbsp;</strong>{$invalidHostMessage}
+</div>
+{/if}
+
{* old GeoIP plugin warning *}
{if $isSuperUser && $usingOldGeoIPPlugin}
<div class="ajaxSuccess">
diff --git a/plugins/CoreAdminHome/templates/styles.css b/plugins/CoreAdminHome/templates/styles.css
index 6c7a594484..a9bab85073 100644
--- a/plugins/CoreAdminHome/templates/styles.css
+++ b/plugins/CoreAdminHome/templates/styles.css
@@ -143,3 +143,22 @@ table.admin tbody td:hover, table.admin tbody th:hover {
.admin .sites_autocomplete a {
color: #255792;
}
+
+/* trusted host styles */
+#trustedHostSettings .adminTable {
+ width:300px;
+}
+#trustedHostSettings .adminTable td {
+ vertical-align: middle;
+ padding-bottom: 0;
+}
+#trustedHostSettings .adminTable tr td:last-child {
+ padding: 0 0 0 0;
+}
+#trustedHostSettings input {
+ width:95%;
+}
+#trustedHostSettings .add-trusted-host-container {
+ padding: 12px 24px;
+}
+
diff --git a/plugins/CoreHome/templates/index.tpl b/plugins/CoreHome/templates/index.tpl
index fd8f7cceae..36d155ae8e 100644
--- a/plugins/CoreHome/templates/index.tpl
+++ b/plugins/CoreHome/templates/index.tpl
@@ -13,6 +13,13 @@
{ajaxRequestErrorDiv}
</div>
+ {* untrusted host warning *}
+ {if isset($isValidHost) && isset($invalidHostMessage) && !$isValidHost}
+ <div class="ajaxSuccess">
+ <strong>{'General_Warning'|translate}:&nbsp;</strong>{$invalidHostMessage}
+ </div>
+ {/if}
+
{ajaxLoadingDiv}
<div id="content" class="home">
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php
index d706538d74..5848a96f6d 100644
--- a/plugins/Login/Controller.php
+++ b/plugins/Login/Controller.php
@@ -84,6 +84,7 @@ class Piwik_Login_Controller extends Piwik_Controller
$view->infoMessage = $infoMessage;
$view->addForm( $form );
$this->configureView($view);
+ self::setHostValidationVariablesView($view);
echo $view->render();
}
diff --git a/plugins/Login/templates/login.tpl b/plugins/Login/templates/login.tpl
index cdcef19db3..1b177de3d5 100644
--- a/plugins/Login/templates/login.tpl
+++ b/plugins/Login/templates/login.tpl
@@ -2,6 +2,13 @@
<div id="login">
+{* untrusted host warning *}
+{if isset($isValidHost) && isset($invalidHostMessage) && !$isValidHost}
+<div id="login_error">
+ <strong>{'General_Warning'|translate}:&nbsp;</strong>{$invalidHostMessage}
+</div>
+{/if}
+
<div id="message_container">
{if $form_data.errors}
<div id="login_error">
@@ -40,6 +47,7 @@
</p>
</form>
+{if isset($isValidHost) && $isValidHost}
<form id="reset_form" style="display:none;">
<p>
<label>{'Login_LoginOrEmail'|translate}:<br />
@@ -65,11 +73,14 @@
<input type="hidden" name="module" value="Login"/>
<input type="hidden" name="action" value="resetPassword"/>
</form>
+{/if}
<p id="nav">
+{if isset($isValidHost) && $isValidHost}
<a id="login_form_nav" href="#" title="{'Login_LostYourPassword'|translate}">{'Login_LostYourPassword'|translate}</a>
-<a id="reset_form_nav" href="#" style="display:none;" title="{'Mobile_NavigationBack'|translate}">{'General_Cancel'|translate}</a>
<a id="alternate_reset_nav" href="#" style="display:none;" title="{'Login_LogIn'|translate}">{'Login_LogIn'|translate}</a>
+{/if}
+<a id="reset_form_nav" href="#" style="display:none;" title="{'Mobile_NavigationBack'|translate}">{'General_Cancel'|translate}</a>
</p>
{if isset($smarty.capture.poweredByPiwik)}
<p id="piwik">
diff --git a/plugins/UsersManager/Controller.php b/plugins/UsersManager/Controller.php
index 577a626371..0ec2b7cf6f 100644
--- a/plugins/UsersManager/Controller.php
+++ b/plugins/UsersManager/Controller.php
@@ -292,6 +292,13 @@ class Piwik_UsersManager_Controller extends Piwik_Controller_Admin
$newPassword = $password;
}
+ // UI disables password change on invalid host, but check here anyway
+ if (!Piwik_Url::isValidHost()
+ && $newPassword !== false)
+ {
+ throw new Exception("Cannot change password with untrusted hostname!");
+ }
+
$userLogin = Piwik::getCurrentUserLogin();
if(Piwik::isUserIsSuperUser())
{
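Review bot: The new guard throws a bare `Exception` with a hard-coded English message, while the same commit adds the translation key `UsersManager_InjectedHostCannotChangePwd` for exactly this situation; routing the message through `Piwik_Translate` with the sanitized hostname keeps the API error consistent with what the template shows. A one-line comment on why the server rejects the change rather than relying on the hidden field would also help the next reader, since the template-side hiding is easy to bypass. The enclosing action starts and ends outside the hunk.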
diff --git a/plugins/UsersManager/templates/userSettings.js b/plugins/UsersManager/templates/userSettings.js
index 9d91c0a6c7..ff67961942 100644
--- a/plugins/UsersManager/templates/userSettings.js
+++ b/plugins/UsersManager/templates/userSettings.js
@@ -21,8 +21,8 @@ function getUserSettingsAJAX()
var ajaxRequest = piwikHelper.getStandardAjaxConf('ajaxLoadingUserSettings', 'ajaxErrorUserSettings', params);
var alias = encodeURIComponent( $('#alias').val() );
var email = encodeURIComponent( $('#email').val() );
- var password = encodeURIComponent( $('#password').val() );
- var passwordBis = encodeURIComponent( $('#passwordBis').val() );
+ var password = $('#password').val();
+ var passwordBis = $('#passwordBis').val();
var defaultReport = $('input[name=defaultReport]:checked').val();
if(defaultReport == 1) {
defaultReport = $('#sitesSelectionSearch .custom_select_main_link').attr('siteid');
@@ -33,8 +33,14 @@ function getUserSettingsAJAX()
request += '&format=json';
request += '&alias='+alias;
request += '&email='+email;
- request += '&password='+password;
- request += '&passwordBis='+passwordBis;
+ if (password)
+ {
+ request += '&password='+encodeURIComponent(password);
+ }
+ if (passwordBis)
+ {
+ request += '&passwordBis='+encodeURIComponent(passwordBis);
+ }
request += '&defaultReport='+defaultReport;
request += '&defaultDate='+defaultDate;
request += '&token_auth=' + piwik.token_auth;
@@ -66,7 +72,7 @@ $(document).ready( function() {
var onValidate = function() {
$.ajax( getUserSettingsAJAX() );
}
- if($('#password').val() != '') {
+ if($('#password').length > 0 && $('#password').val() != '') {
piwikHelper.modalConfirm( '#confirmPasswordChange', {yes: onValidate});
} else {
onValidate();
diff --git a/plugins/UsersManager/templates/userSettings.tpl b/plugins/UsersManager/templates/userSettings.tpl
index 2fe325a57e..bfb516ffff 100644
--- a/plugins/UsersManager/templates/userSettings.tpl
+++ b/plugins/UsersManager/templates/userSettings.tpl
@@ -58,6 +58,7 @@
</td>
</tr>
+{if isset($isValidHost) && $isValidHost}
<tr>
<td><label for="email">{'UsersManager_ChangePassword'|translate} </label></td>
<td><input size="25" value="" autocomplete="off" id="password" type="password" />
@@ -66,7 +67,14 @@
<span class='form-description'> {'UsersManager_TypeYourPasswordAgain'|translate}</span>
</td>
</tr>
+{/if}
</table>
+{if !isset($isValidHost) || !$isValidHost}
+<div class="ajaxSuccess">
+ {'UsersManager_InjectedHostCannotChangePwd'|translate:$invalidHost}&nbsp;{if !$isSuperUser}{'UsersManager_EmailYourAdministrator'|translate:$invalidHostMailLinkStart:'</a>'}{/if}
+</div>
+<br/>
+{/if}
{ajaxErrorDiv id=ajaxErrorUserSettings}
{ajaxLoadingDiv id=ajaxLoadingUserSettings}
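Review bot: `{if !isset($isValidHost) || !$isValidHost}` also fires when the controller never set the host-validation variables, and in that case `$invalidHost` and `$invalidHostMailLinkStart` are unset as well, so the warning renders with an empty hostname and a dangling `</a>`; the other three templates in this commit use `isset($isValidHost) && … && !$isValidHost`. If hiding the password fields whenever the check was skipped is the intended fail-closed behaviour, keep the guard but wrap the message in `{if isset($invalidHost)}` so it only renders when the controller supplied the data; otherwise align it with the other templates, `{if isset($isValidHost) && !$isValidHost}`.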