Bug 472396 - [security] LEAKING PASSWORD RESET TOKEN VIA REFERRER
Signed-off-by: Christopher Guindon <chris.guindon@eclipse.org>
diff --git a/eclipse.org-common/classes/themes/baseTheme.class.php b/eclipse.org-common/classes/themes/baseTheme.class.php
index 0b13b04..7f9b66c 100644
--- a/eclipse.org-common/classes/themes/baseTheme.class.php
+++ b/eclipse.org-common/classes/themes/baseTheme.class.php
@@ -1285,7 +1285,8 @@
'barebone',
'thin',
'thin-header',
- 'default-with-footer-min'
+ 'default-with-footer-min',
+ 'thin-with-footer-min'
);
$this->layout = 'default';
if (in_array($layout, $acceptable_layouts)) {
@@ -1925,6 +1926,21 @@
print $this->getThemeFile('menu');
break;
+ case 'thin-with-footer-min':
+ $this->setAttributes('header-wrapper', 'thin-header');
+ $this->resetAttributes('header-left', 'class');
+ $this->setAttributes('header-left', 'col-sm-6 col-md-6 col-lg-5');
+ $this->resetAttributes('main-menu-wrapper', 'class');
+ $this->setAttributes('main-menu-wrapper', 'col-sm-18 col-md-18 col-lg-19');
+ $this->setAttributes('main-menu', 'navbar-right');
+ $this->setAttributes('header-row', 'row');
+ $this->setDisplayHeaderRight(FALSE);
+ print $this->getThemeFile('header');
+ print $this->getThemeFile('menu');
+ print $this->getThemeFile('body');
+ print $this->getThemeFile('footer-min');
+ break;
+
case 'default-header':
print $this->getThemeFile('header');
print $this->getThemeFile('menu');
@@ -2081,4 +2097,45 @@
}
}
+ /**
+ * Get Html of Header Top
+ */
+ public function getHeaderTop() {
+ return "";
+ }
+
+ /**
+ * JS Script Settings
+ * @return string
+ */
+ public function getScriptSettings() {
+
+ $cookie_name = 'eclipse_settings';
+
+ // Keep only the majob and minor version
+ $php_version = substr(phpversion(), 0, 3);
+
+ // Remove the dot separating the major and minor version
+ $php_version = str_replace(".", "", $php_version);
+
+ // The Cookie class is enabled by default
+ $cookie_enabled = 1;
+
+ // If the PHP version is lower than 5.3
+ // We need to disable the cookie class
+ if ($php_version < "53") {
+ $cookie_enabled = 0;
+ }
+
+ $script_array = array(
+ "settings" => array(
+ "cookies_class" => array(
+ "name" => $cookie_name,
+ "enabled" => $cookie_enabled,
+ ),
+ ),
+ );
+
+ return "<script> var eclipse_org_common = ". json_encode($script_array) ."</script>";
+ }
}
\ No newline at end of file
diff --git a/site_login/password_recovery.php b/site_login/password_recovery.php
index e00e421..055a44e 100644
--- a/site_login/password_recovery.php
+++ b/site_login/password_recovery.php
@@ -54,5 +54,6 @@
$App->setGoogleAnalyticsTrackingCode(NULL);
# Generate the web page
$Theme->setHtml($html);
- $Theme->setLayout('default-with-footer-min');
+ $Theme->setLayout('thin-with-footer-min');
+ $Theme->setDisplayMore(FALSE);
$Theme->generatePage();
