mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-12-05 17:18:13 +01:00
FIX Must use external link into a forged email content.
This commit is contained in:
Laurent Destailleur
@@ -13,7 +13,7 @@ ListOfValidatedPublicMembers=List of validated public members
|
||||
ErrorThisMemberIsNotPublic=This member is not public
|
||||
ErrorMemberIsAlreadyLinkedToThisThirdParty=Another member (name: <b>%s</b>, login: <b>%s</b>) is already linked to a third party <b>%s</b>. Remove this link first because a third party can't be linked to only a member (and vice versa).
|
||||
ErrorUserPermissionAllowsToLinksToItselfOnly=For security reasons, you must be granted permissions to edit all users to be able to link a member to a user that is not yours.
|
||||
ThisIsContentOfYourCard=This is details of your card
|
||||
ThisIsContentOfYourCard=Hi.<br><br>This is a remind of the information we get about you. Feel free to contact us if something looks wrong.<br><br>
|
||||
CardContent=Content of your member card
|
||||
SetLinkToUser=Link to a Dolibarr user
|
||||
SetLinkToThirdParty=Link to a Dolibarr third party
|
||||
|
||||
@@ -8,7 +8,7 @@ EditPassword=Edit password
|
||||
SendNewPassword=Regenerate and send password
|
||||
ReinitPassword=Regenerate password
|
||||
PasswordChangedTo=Password changed to: %s
|
||||
SubjectNewPassword=Your new password for Dolibarr
|
||||
SubjectNewPassword=Your new password for %s
|
||||
GroupRights=Group permissions
|
||||
UserRights=User permissions
|
||||
UserGUISetup=User display setup
|
||||
|
||||
@@ -1645,38 +1645,48 @@ class User extends CommonObject
|
||||
$outputlangs->load("users");
|
||||
$outputlangs->load("other");
|
||||
|
||||
$subject = $outputlangs->transnoentitiesnoconv("SubjectNewPassword");
|
||||
$appli=constant('DOL_APPLICATION_TITLE');
|
||||
if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $appli=$conf->global->MAIN_APPLICATION_TITLE;
|
||||
|
||||
$subject = $outputlangs->transnoentitiesnoconv("SubjectNewPassword", $appli);
|
||||
|
||||
// Define $urlwithroot
|
||||
//$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root));
|
||||
//$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
|
||||
$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
|
||||
$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
|
||||
//$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
|
||||
|
||||
if (! $changelater)
|
||||
{
|
||||
$url = $urlwithroot.'/';
|
||||
|
||||
$mesg.= $outputlangs->transnoentitiesnoconv("RequestToResetPasswordReceived").".\n";
|
||||
$mesg.= $outputlangs->transnoentitiesnoconv("NewKeyIs")." :\n\n";
|
||||
$mesg.= $outputlangs->transnoentitiesnoconv("Login")." = ".$this->login."\n";
|
||||
$mesg.= $outputlangs->transnoentitiesnoconv("Password")." = ".$password."\n\n";
|
||||
$mesg.= "\n";
|
||||
$url = $urlwithroot.'/';
|
||||
$mesg.= $outputlangs->transnoentitiesnoconv("ClickHereToGoTo", $conf->global->MAIN_APPLICATION_TITLE).': '.$url."\n\n";
|
||||
|
||||
$mesg.= $outputlangs->transnoentitiesnoconv("ClickHereToGoTo", $appli).': '.$url."\n\n";
|
||||
$mesg.= "--\n";
|
||||
$mesg.= $user->getFullName($outputlangs); // Username that make then sending
|
||||
|
||||
dol_syslog(get_class($this)."::send_password changelater is off, url=".$url);
|
||||
}
|
||||
else
|
||||
{
|
||||
$url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword&username='.$this->login."&passwordhash=".dol_hash($password);
|
||||
|
||||
$mesg.= $outputlangs->transnoentitiesnoconv("RequestToResetPasswordReceived")."\n";
|
||||
$mesg.= $outputlangs->transnoentitiesnoconv("NewKeyWillBe")." :\n\n";
|
||||
$mesg.= $outputlangs->transnoentitiesnoconv("Login")." = ".$this->login."\n";
|
||||
$mesg.= $outputlangs->transnoentitiesnoconv("Password")." = ".$password."\n\n";
|
||||
$mesg.= "\n";
|
||||
$mesg.= $outputlangs->transnoentitiesnoconv("YouMustClickToChange")." :\n";
|
||||
$url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword&username='.$this->login."&passwordhash=".dol_hash($password);
|
||||
$mesg.= $url."\n\n";
|
||||
$mesg.= $outputlangs->transnoentitiesnoconv("ForgetIfNothing")."\n\n";
|
||||
dol_syslog(get_class($this)."::send_password url=".$url);
|
||||
|
||||
dol_syslog(get_class($this)."::send_password changelater is on, url=".$url);
|
||||
}
|
||||
|
||||
$mailfile = new CMailFile(
|
||||
$subject,
|
||||
$this->email,
|
||||
|
||||
Reference in New Issue
Block a user