2amigos / yii2-usuario

Highly customizable and extensible user management, authentication, and authorization Yii2 extension
https://github.com/2amigos/yii2-usuario
Other
294 stars 142 forks

Welcome email: reported Password is not HTML-encoded #530

Closed edegaudenzi closed 8 months ago

edegaudenzi commented 10 months ago

What steps will reproduce the problem?

Register a new user with generatePasswords set to True.

What is the expected result?

A Welcome email reporting the generated password

What do you get instead?

A Welcome email partially reporting the generated password due to the fact that the random password can, by chance, form pieces of HTML.

E.g. if the generated password is Ar4Ke<divQp, when you open the email with Outlook, Thunderbird or even in the browser you'll see Ar4Ke, making you believe this is actually the password.

The problem is that ->password is not Html::encode()'d at echoing time in 2amigos/yii2-usuario/src/User/resources/views/mail/welcome.php.
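The failure reported above and the effect of encoding at output time, as an added example that is not part of the original issue or the project's code. The mail fragment, the function names and all sample passwords except the one quoted in the issue are constructed, and `encode()` is a stand-in for `Html::encode()` so the script runs without Yii.

```php
<?php
// Added illustration, not code from yii2-usuario. encode() stands in for
// yii\helpers\Html::encode() so the script runs without the framework.
function encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical mail fragment; the real welcome.php markup is not reproduced here.
function renderWelcome(string $password, bool $encodeOutput): string
{
    $shown = $encodeOutput ? encode($password) : $password;
    return '<p>Your password: <strong>' . $shown . '</strong></p>';
}

// Rough approximation of what a recipient reads: markup dropped, entities decoded.
// Real mail clients parse HTML differently, but both treat "<div..." as markup.
function visibleText(string $html): string
{
    return html_entity_decode(strip_tags($html), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Regression-style check: is the complete password readable in the rendered mail?
function passwordIsVisible(string $password, bool $encodeOutput): bool
{
    $text = visibleText(renderWelcome($password, $encodeOutput));
    return strpos($text, $password) !== false;
}

// The first sample is the password quoted in the issue; the others are constructed.
$samples = ['Ar4Ke<divQp', 'x&ampY7<b>z', 'plainPass123'];

foreach ($samples as $password) {
    foreach ([false, true] as $encodeOutput) {
        printf(
            "%-14s encoded=%-3s full password visible: %s\n",
            $password,
            $encodeOutput ? 'yes' : 'no',
            passwordIsVisible($password, $encodeOutput) ? 'yes' : 'NO'
        );
    }
}
```

A check like `passwordIsVisible()` can be kept as a test over the rendered mail body so that any view echoing a generated value without encoding is caught before release.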