From cc490ce8d6ec2b727aa18b5bacbbd60d0d739c27 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Wed, 8 Jan 2014 16:03:58 +0100 Subject: passreset.php: Error out if e-mail is empty Signed-off-by: Lukas Fleischer --- web/html/passreset.php | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/web/html/passreset.php b/web/html/passreset.php index 59fd4bc..e926161 100644 --- a/web/html/passreset.php +++ b/web/html/passreset.php @@ -37,14 +37,19 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir } } elseif (isset($_POST['email'])) { $email = $_POST['email']; - $body = __('A password reset request was submitted for the account '. - 'associated with your e-mail address. If you wish to reset '. - 'your password follow the link below, otherwise ignore '. - 'this message and nothing will happen.'). - send_resetkey($email, $body); - header('Location: ' . get_uri('/passreset/') . '?step=confirm'); - exit(); + if (empty($email)) { + $error = __('Missing a required field.'); + } else { + $body = __('A password reset request was submitted for the account '. + 'associated with your e-mail address. If you wish to reset '. + 'your password follow the link below, otherwise ignore '. + 'this message and nothing will happen.'). + send_resetkey($email, $body); + + header('Location: ' . get_uri('/passreset/') . '?step=confirm'); + exit(); + } } $step = isset($_GET['step']) ? $_GET['step'] : NULL; -- cgit v1.2.3-54-g00ecf