| author | Christopher Guindon | 2016-11-10 18:10:27 +0000 |
|---|---|---|
| committer | Christopher Guindon | 2016-11-10 18:10:27 +0000 |
| commit | 7916e1696532cf6a5eaa4d429b210faf92482bf8 (patch) | |
| tree | 4d149b55f63457d4af3a5443b6091e0f1bed34b1 | |
| parent | 8f686bb340b9706ddc124897a652582896622cbc (diff) | |
Bug 472396 - [security] LEAKING PASSWORD RESET TOKEN VIA REFERRER
Signed-off-by: Christopher Guindon <chris.guindon@eclipse.org>
| -rw-r--r-- | eclipse.org-common/classes/themes/baseTheme.class.php | 59 | ||||
| -rw-r--r-- | site_login/password_recovery.php | 3 |
2 files changed, 60 insertions, 2 deletions
diff --git a/eclipse.org-common/classes/themes/baseTheme.class.php b/eclipse.org-common/classes/themes/baseTheme.class.php
index 0b13b04..7f9b66c 100644
--- a/eclipse.org-common/classes/themes/baseTheme.class.php
+++ b/eclipse.org-common/classes/themes/baseTheme.class.php
@@ -1285,7 +1285,8 @@ EOHTML;
 'barebone',
 'thin',
 'thin-header',
- 'default-with-footer-min'
+ 'default-with-footer-min',
+ 'thin-with-footer-min'
 );
 $this->layout = 'default';
 if (in_array($layout, $acceptable_layouts)) {
@@ -1925,6 +1926,21 @@ EOHTML;
 print $this->getThemeFile('menu');
 break;
 
+ case 'thin-with-footer-min':
+ $this->setAttributes('header-wrapper', 'thin-header');
+ $this->resetAttributes('header-left', 'class');
+ $this->setAttributes('header-left', 'col-sm-6 col-md-6 col-lg-5');
+ $this->resetAttributes('main-menu-wrapper', 'class');
+ $this->setAttributes('main-menu-wrapper', 'col-sm-18 col-md-18 col-lg-19');
+ $this->setAttributes('main-menu', 'navbar-right');
+ $this->setAttributes('header-row', 'row');
+ $this->setDisplayHeaderRight(FALSE);
+ print $this->getThemeFile('header');
+ print $this->getThemeFile('menu');
+ print $this->getThemeFile('body');
+ print $this->getThemeFile('footer-min');
+ break;
+
 case 'default-header':
 print $this->getThemeFile('header');
 print $this->getThemeFile('menu');
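Review bot: The new `case 'thin-with-footer-min':` carries no comment saying why this layout exists, and since the commit title ties it to the Referer leak of the password-reset token, that intent belongs at the case: `// Bug 472396: minimal chrome for pages whose URL carries a secret (reset token) - no third-party links or widgets, so nothing is leaked via Referer.` The layout still prints the 'header', 'menu' and 'footer-min' theme files, so the mitigation only holds while those files emit no links or assets that point off-site, which cannot be verified from this hunk. A more robust complement would be for such pages to also declare a referrer policy (a `<meta name="referrer" content="no-referrer">` in the head, or the Referrer-Policy response header), so that even a same-site link does not forward the token. The enclosing switch starts and ends outside the hunk.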
@@ -2081,4 +2097,45 @@ EOHTML;
 }
 }
 
+ /**
+ * Get Html of Header Top
+ */
+ public function getHeaderTop() {
+ return "";
+ }
+
+ /**
+ * JS Script Settings
+ * @return string
+ */
+ public function getScriptSettings() {
+
+ $cookie_name = 'eclipse_settings';
+
+ // Keep only the majob and minor version
+ $php_version = substr(phpversion(), 0, 3);
+
+ // Remove the dot separating the major and minor version
+ $php_version = str_replace(".", "", $php_version);
+
+ // The Cookie class is enabled by default
+ $cookie_enabled = 1;
+
+ // If the PHP version is lower than 5.3
+ // We need to disable the cookie class
+ if ($php_version < "53") {
+ $cookie_enabled = 0;
+ }
+
+ $script_array = array(
+ "settings" => array(
+ "cookies_class" => array(
+ "name" => $cookie_name,
+ "enabled" => $cookie_enabled,
+ ),
+ ),
+ );
+
+ return "<script> var eclipse_org_common = ". json_encode($script_array) ."</script>";
+ }
 }
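Review bot: In getScriptSettings the test `if ($php_version < "53")` is fed by `substr(phpversion(), 0, 3)`, which only works for a single-digit major version: a two-digit major ("10.x") yields "10", compares below 53 and disables the cookie class. `version_compare()` states the intent directly and drops the substr/str_replace pair: `$cookie_enabled = version_compare(PHP_VERSION, '5.3.0', '<') ? 0 : 1;`. The JSON is embedded inside a `<script>` element; today both values are a fixed literal and an int, so nothing can break out of it, but `json_encode($script_array, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` would keep that true if a user-influenced setting is ever added. The comment `// Keep only the majob and minor version` has a typo (major), and getHeaderTop lacks a `@return string` tag. The closing `}` after getScriptSettings belongs to the class, whose start is outside the hunk.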
\ No newline at end of file
diff --git a/site_login/password_recovery.php b/site_login/password_recovery.php
index e00e421..055a44e 100644
--- a/site_login/password_recovery.php
+++ b/site_login/password_recovery.php
@@ -54,5 +54,6 @@ $App->setGoogleAnalyticsTrackingCode(NULL);
 
 # Generate the web page
 $Theme->setHtml($html);
- $Theme->setLayout('default-with-footer-min');
+ $Theme->setLayout('thin-with-footer-min');
+ $Theme->setDisplayMore(FALSE);
 $Theme->generatePage();
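Review bot: The fix rests entirely on `setLayout('thin-with-footer-min')` and `setDisplayMore(FALSE)` leaving no off-site link on the page, yet nothing at the call site records that this is the reason, so a later "restore the normal layout" edit would silently reopen Bug 472396; add `// Bug 472396: minimal layout, no external links/widgets - the reset token is in the URL and must not leak via Referer.` above the setLayout call. As defense in depth the page could also send `header('Referrer-Policy: no-referrer');` before generatePage, so that any link or resource the theme still emits does not carry the token. The most robust option, if the recovery flow allows it, is to stop carrying the token in the URL at all (exchange it for a session-bound value and redirect), and the token should in any case be single-use and short-lived; neither is visible in this hunk. The enclosing script starts outside the hunk.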
