lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-10-15 19:54:57 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Fixing possibility of open redirection attack on post-registration screens

Browse Source 
Fixing the fix of #2295.
This commit is contained in:
Lombiq
2015-10-27 22:31:26 +01:00
parent 8c7508546c
commit 393f5bc9d3
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Orchard.Web/Modules/Orchard.Users/Views/Account/ChallengeEmailSent.cshtml
View File

@@ -1,4 +1,6 @@
@model dynamic @model dynamic
<h1>@Html.TitleForPage(T("Challenge Email Sent").ToString()) </h1> <h1>@Html.TitleForPage(T("Challenge Email Sent").ToString()) </h1>
<p>@T("An email has been sent to you. Please click on the link it contains in order to have access on this site.") </p> <p>@T("An email has been sent to you. Please click on the link it contains in order to have access on this site.") </p>
<p>@Html.Link(T("Go back to where you were"), Url.Content(Request.QueryString["ReturnUrl"]))</p> @if (Url.IsLocalUrl(Request.QueryString["ReturnUrl"])) {
<p>@Html.Link(T("Go back to where you were"), Url.Content(Request.QueryString["ReturnUrl"]))</p>
}

4
src/Orchard.Web/Modules/Orchard.Users/Views/Account/RegistrationPending.cshtml
View File

@@ -1,4 +1,6 @@
@model dynamic @model dynamic
<h1>@Html.TitleForPage(T("User Registration Pending").ToString()) </h1> <h1>@Html.TitleForPage(T("User Registration Pending").ToString()) </h1>
<p>@T("Your user account has been created but has to be approved before it can be used.")</p> <p>@T("Your user account has been created but has to be approved before it can be used.")</p>
<p>@Html.Link(T("Go back to where you were"), Url.Content(Request.QueryString["ReturnUrl"]))</p> @if (Url.IsLocalUrl(Request.QueryString["ReturnUrl"])) {
<p>@Html.Link(T("Go back to where you were"), Url.Content(Request.QueryString["ReturnUrl"]))</p>
}