summaryrefslogtreecommitdiff
path: root/modules/user
diff options
context:
space:
mode:
Diffstat (limited to 'modules/user')
-rw-r--r--modules/user/controllers/password.php5
-rw-r--r--modules/user/views/admin_users.html.php8
-rw-r--r--modules/user/views/admin_users_group.html.php12
-rw-r--r--modules/user/views/login.html.php2
-rw-r--r--modules/user/views/reset_password.html.php23
5 files changed, 27 insertions, 23 deletions
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index 8604b7c4..c3e66634 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -57,9 +57,8 @@ class Password_Controller extends Controller {
$user->hash = md5(rand());
$user->save();
$message = new View("reset_password.html");
- $message->url = url::abs_site("password/do_reset?key=$user->hash");
- $message->name = $user->full_name;
- $message->title = t("Password Reset Request");
+ $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
+ $message->user = $user;
Sendmail::factory()
->to($user->email)
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index bec74d28..859f3c8e 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -68,16 +68,16 @@
<td id="user-<?= $user->id ?>" class="core-info gDraggable">
<img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
title="<?= t("Drag user onto group below to add as a new member") ?>"
- alt="<?= $user->name ?>"
+ alt="<?= p::clean($user->name) ?>"
width="20"
height="20" />
- <?= $user->name ?>
+ <?= p::clean($user->name) ?>
</td>
<td>
- <?= $user->full_name ?>
+ <?= p::clean($user->full_name) ?>
</td>
<td>
- <?= $user->email ?>
+ <?= p::clean($user->email) ?>
</td>
<td>
<?= ($user->last_login == 0) ? "" : date("j-M-y", $user->last_login) ?>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
index a25e687a..820b3031 100644
--- a/modules/user/views/admin_users_group.html.php
+++ b/modules/user/views/admin_users_group.html.php
@@ -1,8 +1,8 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
-<strong><?= $group->name ?></strong>
+<strong><?= p::clean($group->name) ?></strong>
<? if (!$group->special): ?>
<a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
- title="<?= t("Delete " . $group->name) ?>"
+ title="<?= t("Delete %name", array("name" => p::clean($group->name))) ?>"
class="gDialogLink gButtonLink ui-state-default ui-corner-all">
<span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
<? else: ?>
@@ -13,11 +13,15 @@
<ul>
<? foreach ($group->users as $i => $user): ?>
<li class="gUser">
- <?= $user->name ?>
+ <?= p::clean($user->name) ?>
<? if (!$group->special): ?>
<a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
class="gButtonLink ui-state-default ui-corner-all ui-icon-left">
- <span class="ui-icon ui-icon-closethick">Remove <?= $user->name ?> from <?= $group->name ?></span></a>
+ <span class="ui-icon ui-icon-closethick">
+ <?= t("Remove %user from %group",
+ array("user" => p::clean($user->name), "group" => p::clean($group->name))) ?>
+ </span>
+ </a>
<? endif ?>
</li>
<? endforeach ?>
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
index d9a558b5..cce2fb54 100644
--- a/modules/user/views/login.html.php
+++ b/modules/user/views/login.html.php
@@ -11,7 +11,7 @@
'<a href="' . url::site("form/edit/users/{$user->id}") .
'" title="' . t("Edit Your Profile") .
'" id="gUserProfileLink" class="gDialogLink">' .
- (empty($user->full_name) ? $user->name : $user->full_name) . '</a>')) ?></li>
+ p::clean(empty($user->full_name) ? $user->name : $user->full_name) . '</a>')) ?></li>
<li><a href="<?= url::site("logout?continue=" . url::current(true)) ?>"
id="gLogoutLink"><?= t("Logout") ?></a></li>
<? endif; ?>
diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php
index 39845d61..4c4672ee 100644
--- a/modules/user/views/reset_password.html.php
+++ b/modules/user/views/reset_password.html.php
@@ -1,14 +1,15 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
<html>
-<head>
- <title><?= $title ?> </title>
-</head>
-<body>
- <h2><?= t("Password Reset Request") ?> </h2>
- <p>
- <?= sprintf(t("A request to reset your password (user: %s) at %s."), $name, url::base(false, "http")) ?>
- <?= sprintf(t("To confirm this request please click on the link below")) ?><br />
- <a href="<?= $url ?>"><?= t("Reset Password") ?></a>
- </p>
-</body>
+ <head>
+ <title><?= t("Password Reset Request") ?> </title>
+ </head>
+ <body>
+ <h2><?= t("Password Reset Request") ?> </h2>
+ <p>
+ <?= t("Hello, %name,", array("name" => p::clean($user->full_name ? $user->full_name : $user->name))) ?>
+ </p>
+ <p>
+ <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>. If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>. If you didn't request this password reset, it's ok to ignore this mail.", array("site_url" => url::base(false, "http"), "confirm_url" => $confirm_url)) ?>
+ </p>
+ </body>
</html>
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-14 02:08:01 +0000