From 9369ccab7fb3413d63e218cec81b4cf43442fd98 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sun, 31 May 2009 01:02:51 -0700
Subject: Run all variables that come from user-entered data through p::clean()

---
 modules/user/views/reset_password.html.php | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

(limited to 'modules/user/views/reset_password.html.php')

diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php
index 39845d61..4c4672ee 100644
--- a/modules/user/views/reset_password.html.php
+++ b/modules/user/views/reset_password.html.php
@@ -1,14 +1,15 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
-<head>
-  <title><?= $title ?> </title>
-</head>
-<body>
-  <h2><?= t("Password Reset Request") ?> </h2>
-  <p>
-    <?= sprintf(t("A request to reset your password (user: %s) at %s."), $name, url::base(false, "http")) ?>
-    <?= sprintf(t("To confirm this request please click on the link below")) ?><br />
-    <a href="<?= $url ?>"><?= t("Reset Password") ?></a>
-  </p>
-</body>
+  <head>
+    <title><?= t("Password Reset Request") ?> </title>
+  </head>
+  <body>
+    <h2><?= t("Password Reset Request") ?> </h2>
+    <p>
+      <?= t("Hello, %name,", array("name" => p::clean($user->full_name ? $user->full_name : $user->name))) ?>
+    </p>
+    <p>
+      <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>.  If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>.  If you didn't request this password reset, it's ok to ignore this mail.", array("site_url" => url::base(false, "http"), "confirm_url" => $confirm_url)) ?>
+    </p>
+  </body>
 </html>
-- 
cgit v1.2.3