Open fsyzty opened 4 years ago
LoginServlet.java
else if (page.equals("sendlink")) { out = setCookieOutput(userInfo, resp); out.println("<head><title>" + bundle.getString("requestreset") + "</title></head>\n"); out.println("<body>\n"); out.println("<h1>" + bundle.getString("requestlink") + "</h1>\n"); out.println("<p>" + bundle.getString("requestinstructions") + "</p>\n"); out.println("<form method=POST action=\"" + req.getRequestURI() + "\">\n"); out.println(bundle.getString("enteremailaddress") + ": <input type=text name=email value=\"\" size=\"35\"><br />\n"); out.println("<p></p>"); out.println("<input type=submit value=\"" + bundle.getString("sendlink") + "\" style=\"font-size: 300%;\">\n"); out.println("</form>\n"); return; }
=============================>
else if (page.equals("sendlink")) { out = setCookieOutput(userInfo, resp); out.println("<head><title>" + bundle.getString("requestreset") + "</title></head>\n"); out.println("<body>\n"); out.println("<h1>" + bundle.getString("requestlink") + "</h1>\n"); out.println("<p>" + bundle.getString("requestinstructions") + "</p>\n"); out.println("<form method=POST action=\"" + req.getRequestURI() + "\">\n"); out.println(bundle.getString("enteremailaddress") + ": <input type=text name=email value=\"\" size=\"35\"><br />\n"); out.println("<p><input type=hidden name=locale value=\""+ locale + "\"></p>"); out.println("<input type=submit value=\"" + bundle.getString("sendlink") + "\" style=\"font-size: 300%;\">\n"); out.println("</form>\n"); return; }
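Review bot: The new hidden field prints `locale` into the `value` attribute without any HTML escaping, in `out.println("<p><input type=hidden name=locale value=\""+ locale + "\"></p>");`. Where `locale` is assigned is not visible in this snippet; if it is taken from the request, it should be checked against the locales the application actually supports (falling back to a default) or HTML-escaped before it is written, otherwise a value containing a quote changes the markup of the page. The JSP link proposed further down, `/login/sendlink?locale=<%= locale %>`, has the same gap, and there the value also needs URL encoding because it sits in a query string. The `else if` chain this branch belongs to starts and ends outside the snippet.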
private void fail(HttpServletRequest req, HttpServletResponse resp, String error) throws IOException { resp.sendRedirect("/login/?error=" + sanitizer.sanitize(error)); return; }
=========================>
private void fail(HttpServletRequest req, HttpServletResponse resp,String locale, String error) throws IOException { resp.sendRedirect("/login/?locale="+ locale +"&error=" + URLEncoder.encode(sanitizer.sanitize(error))); return; }
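Review bot: `locale` is concatenated into the redirect target unencoded while `error` is encoded, so a value containing `&`, `#` or line breaks would change the query string of the Location URL; encode both the same way, e.g. `resp.sendRedirect("/login/?locale=" + URLEncoder.encode(locale, "UTF-8") + "&error=" + URLEncoder.encode(sanitizer.sanitize(error), "UTF-8"));`. The one-argument `URLEncoder.encode(String)` used in the proposal is deprecated and encodes with the platform default charset, so the two-argument form with an explicit UTF-8 is the more predictable choice. A null `locale` needs a default before encoding, since `URLEncoder.encode` throws on null. Callers of `fail` are not shown and have to be updated for the added `locale` parameter.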
@fsyzty We don't use the login page in production so this isn't a particularly high priority item for us to fix. If you want to go ahead and submit these as a PR then we can review and merge it.
@fsyzty thanks for locating this bug. Please submit a PR. Those who use the local login page would be very thankful for this fix.
<a href="/login/sendlink" style="text-decoration:none;">${passwordclickhereLabel}</a>
===================>
<a href="/login/sendlink?locale=<%= locale %>" style="text-decoration:none;">${passwordclickhereLabel}</a>