| author | Christopher Guindon | 2016-11-08 20:24:34 +0000 |
|---|---|---|
| committer | Christopher Guindon | 2016-11-08 20:58:56 +0000 |
| commit | 3b33cd4bd824f47aa2f0a2200bd2f0dffb9cbb0c (patch) | |
| tree | b1c5b81a03021c19e8bf3265960aad8fd6f39161 | |
| parent | b29795fed443210fe4ef5dc5b5905eb8c0d49448 (diff) | |
| download | dev.eclipse.org-3b33cd4bd824f47aa2f0a2200bd2f0dffb9cbb0c.tar.gz dev.eclipse.org-3b33cd4bd824f47aa2f0a2200bd2f0dffb9cbb0c.tar.xz dev.eclipse.org-3b33cd4bd824f47aa2f0a2200bd2f0dffb9cbb0c.zip | |
Bug 472396 - [security] LEAKING PASSWORD RESET TOKEN VIA REFERRER
Change-Id: Iad744d2087ef15d160f5bfb5a87100a7d495bb8b
Signed-off-by: Christopher Guindon <chris.guindon@eclipse.org>
| -rw-r--r-- | eclipse.org-common/classes/themes/baseTheme.class.php | 12 | ||||
| -rw-r--r-- | eclipse.org-common/themes/solstice/footer-min.php | 30 | ||||
| -rwxr-xr-x | site_login/_projectCommon.php | 8 | ||||
| -rw-r--r-- | site_login/password_recovery.php | 16 |
4 files changed, 55 insertions, 11 deletions
diff --git a/eclipse.org-common/classes/themes/baseTheme.class.php b/eclipse.org-common/classes/themes/baseTheme.class.php index 084f923..0b13b04 100644 --- a/eclipse.org-common/classes/themes/baseTheme.class.php +++ b/eclipse.org-common/classes/themes/baseTheme.class.php @@ -1284,7 +1284,8 @@ EOHTML; 'default-footer', 'barebone', 'thin', - 'thin-header' + 'thin-header', + 'default-with-footer-min' ); $this->layout = 'default'; if (in_array($layout, $acceptable_layouts)) { @@ -1847,6 +1848,7 @@ EOHTML; $files['body'] = $eclipse_org_common_root . '/themes/solstice/body.php'; $files['main_menu'] = $eclipse_org_common_root . '/themes/solstice/main_menu.php'; $files['footer'] = $eclipse_org_common_root . '/themes/solstice/footer.php'; + $files['footer-min'] = $eclipse_org_common_root . '/themes/solstice/footer-min.php'; // Validate theme files foreach ($files as $key => $template_files) { @@ -1918,7 +1920,6 @@ EOHTML; $this->setAttributes('main-menu-wrapper', 'col-sm-18 col-md-18 col-lg-19'); $this->setAttributes('main-menu', 'navbar-right'); $this->setAttributes('header-row', 'row'); - $this->setDisplayHeaderRight(FALSE); print $this->getThemeFile('header'); print $this->getThemeFile('menu'); @@ -1929,6 +1930,13 @@ EOHTML; print $this->getThemeFile('menu'); break; + case 'default-with-footer-min': + print $this->getThemeFile('header'); + print $this->getThemeFile('menu'); + print $this->getThemeFile('body'); + print $this->getThemeFile('footer-min'); + break; + case 'default': print $this->getThemeFile('header'); print $this->getThemeFile('menu'); diff --git a/eclipse.org-common/themes/solstice/footer-min.php b/eclipse.org-common/themes/solstice/footer-min.php new file mode 100644 index 0000000..17481ef --- /dev/null +++ b/eclipse.org-common/themes/solstice/footer-min.php 
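Review bot: The method that owns `$acceptable_layouts` (presumably `setLayout()`) still falls back silently to `'default'` when the requested name is not in the list, as the context lines `$this->layout = 'default'; if (in_array($layout, $acceptable_layouts)) {` show. A caller that requests `'default-with-footer-min'` with a typo, or against an older copy of eclipse.org-common, therefore gets the full footer with no signal. Since this layout appears to be chosen for a security reason, consider reporting the rejected name in an else branch, e.g. `trigger_error('Unknown layout: ' . $layout, E_USER_NOTICE);`. The enclosing method starts and ends outside the hunk.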
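Review bot: The new `case 'default-with-footer-min':` carries no comment saying why it exists, and it still prints the `header` and `menu` theme files, whose contents are not visible in this diff. If the purpose is to keep cross-origin links and assets off pages whose URL holds a secret, state that above the case, e.g. `// Minimal footer for pages with sensitive URLs: do not add external links or third-party assets here.`. It is also worth confirming that header.php and menu.php meet the same constraint. The enclosing switch starts and ends outside the hunk.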
@@ -0,0 +1,30 @@ +<?php +/** + * @file + * Solstice footer + */ +?> +<p id="back-to-top"> + <a class="visible-xs" href="#top">Back to the top</a> +</p> +<footer role="contentinfo" id="solstice-footer-min" class="footer-min"> + <div class="container""> + <div class="row"> + <div class="col-sm-13"> + <p>Copyright © <?php print date('Y');?> The Eclipse Foundation. All Rights Reserved.</p> + </div> + <div class="col-sm-11"> + <ul class="list-inline" id="footer-legal-links"> + <li><a href="http://www.eclipse.org/legal/privacy.php">Privacy Policy</a></li> + <li><a href="http://www.eclipse.org/legal/termsofuse.php">Terms of Use</a></li> + <li><a href="http://www.eclipse.org/legal/copyright.php">Copyright Agent</a></li> + </ul> + </div> + </div> + </div> +</footer> +<!-- Placed at the end of the document so the pages load faster --> +<script src="<?php print $this->getThemeUrl('solstice')?>public/javascript/main.min.js"></script> +<?php print $this->getExtraJsFooter();?> +</body> +</html> diff --git a/site_login/_projectCommon.php b/site_login/_projectCommon.php index 0c98d94..87d20d4 100755 --- a/site_login/_projectCommon.php +++ b/site_login/_projectCommon.php @@ -12,7 +12,9 @@ *******************************************************************************/ $theme = "solstice"; - $Nav->addCustomNav("Friends of Eclipse", "http://www.eclipse.org/donate/", "_self", 0); - $Nav->addCustomNav("Bugzilla", "https://bugs.eclipse.org/bugs/", "_self", 0); - $App->AddExtraJSFooter('<script type="text/javascript" src="public/js/script.min.js"></script>'); + if (isset($Nav) && $Nav instanceof Nav){ + $Nav->addCustomNav("Friends of Eclipse", "http://www.eclipse.org/donate/", "_self", 0); + $Nav->addCustomNav("Bugzilla", "https://bugs.eclipse.org/bugs/", "_self", 0); + $App->AddExtraJSFooter('<script type="text/javascript" src="public/js/script.min.js"></script>'); + } $App->AddExtraHtmlHeader('<link type="text/css" href="public/css/styles.min.css" rel="stylesheet"/>'); 
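Review bot: The three anchors in `#footer-legal-links` point to absolute `http://www.eclipse.org/legal/...` URLs and have no `rel` attribute, so whether the page URL is withheld from those requests depends on the browser's default referrer behaviour rather than on this template. Given the bug title, adding `rel="noreferrer"` to each one, e.g. `<a rel="noreferrer" href="http://www.eclipse.org/legal/privacy.php">`, would make that explicit, and it should be in place before these links are ever moved to `https://`. Separately, `<div class="container"">` has a stray quote and should read `<div class="container">`. The file docblock still says `Solstice footer`; `Solstice minimal footer` would distinguish it from footer.php.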
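Review bot: In `_projectCommon.php` the `$App->AddExtraJSFooter(...)` call now sits inside the `if (isset($Nav) && $Nav instanceof Nav){` guard, so any page that does not create `$Nav` silently loses `public/js/script.min.js`, although nothing visible ties that script to navigation. If that is intended for the password recovery page, record it with a comment such as `// No $Nav means a minimal page: skip the nav links and the extra footer script.`. If it is not intended, move the call below the closing brace, next to `AddExtraHtmlHeader`. The file continues outside the hunk.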
diff --git a/site_login/password_recovery.php b/site_login/password_recovery.php index 344b248..e00e421 100644 --- a/site_login/password_recovery.php +++ b/site_login/password_recovery.php @@ -12,18 +12,15 @@ *******************************************************************************/ header('Content-Type: text/html; charset=utf-8'); require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php"); - require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php"); - require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php"); require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/classes/captcha/captcha.class.php"); require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/classes/users/siteLogin.class.php"); $App = new App(); - $Nav = new Nav(); - $Menu = new Menu(); $Sitelogin = new Sitelogin('password-recovery'); $Captcha = new Captcha; $App->preventCaching(); + $Theme = $App->getThemeClass(); include("_projectCommon.php"); @@ -31,9 +28,14 @@ $pageKeywords = "eclipse, password, recovery"; $pageAuthor = "Eclipse Foundation, Inc."; + $Theme->setPageAuthor($pageAuthor); + $Theme->setPageKeywords($pageKeywords); + $Theme->setPageTitle($pageTitle); + // Custom theme variables $variables = array(); - $variables['main_container_classes'] = 'container-full footer-offset breadcrumbs-offset background-grey'; + $variables['body_classes'] = 'background-grey'; + $variables['main_container_classes'] = 'container-full footer-offset breadcrumbs-offset'; $App->setThemeVariables($variables); $Session = $App->useSession(); @@ -51,4 +53,6 @@ $App->setGoogleAnalyticsTrackingCode(NULL); # Generate the web page - $App->generatePage($theme, $Menu, NULL, $pageAuthor, $pageKeywords, $pageTitle, $html); + $Theme->setHtml($html); + $Theme->setLayout('default-with-footer-min'); + $Theme->generatePage(); |
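Review bot: Nothing in this file sets a referrer policy, so the fix depends entirely on the selected layout containing no cross-origin links or assets. Next to the existing `header('Content-Type: text/html; charset=utf-8');`, a line such as `header('Referrer-Policy: no-referrer');` would keep the page URL out of outgoing requests whatever the theme files emit, in browsers that honour the header. How the reset token is carried is not visible in this diff, so this assumes it is part of the page URL, as the bug title suggests.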
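Review bot: `$App->setThemeVariables($variables)` and `$App->setGoogleAnalyticsTrackingCode(NULL)` are still applied to `$App`, and both run after `$Theme = $App->getThemeClass();`, yet the page is now produced by `$Theme->generatePage()` in the last hunk. Nothing visible here shows that `$Theme` reads those settings from `$App` at render time. If it does not, the analytics snippet could load on this page and receive its URL, so this is worth confirming against `getThemeClass()` and noting in a comment above the `$Theme->generatePage();` call.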
