source: trunk/services/templates/password.ihtml @ 185

Last change on this file since 185 was 185, checked in by scdev, 18 years ago

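Q - added oTxt() around every printed PHP_SELF to avoid XSS attacks: PHP_SELF can contain client-supplied path info, so it must be escaped before being echoed into HTML. See: http://blog.phpdoc.info/archives/13-XSS-Woes.html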

File size: 1.2 KB
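<?php
/*
 * Change-password form template.
 *
 * Relies on names supplied by the including script:
 *   $fv    - its printErrorMessages() is called first; its err(field, markup)
 *            is called inside each label tag (presumably it emits the markup
 *            only when that field failed validation - confirm in the class).
 *   $app   - its printHiddenSession() is called inside the form (presumably
 *            it emits a hidden session field - confirm).
 *   oTxt() - applied to PHP_SELF before it is echoed into the action
 *            attribute. PHP_SELF can carry client-supplied path info, so it
 *            must never be printed raw.
 *
 * NOTE(review): the escaped value lands inside a double-quoted attribute, so
 * oTxt() has to encode double quotes as well as angle brackets - confirm.
 * NOTE(review): no anti-CSRF token is visible in this template; confirm that
 * printHiddenSession() or the update_password handler supplies and checks one.
 *
 * Each input carries an id equal to its name so that the matching
 * label for="..." actually binds to it, plus an autocomplete hint so that
 * password managers can tell the current password from the new one.
 */
$fv->printErrorMessages();
?>

<form method="post" action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>">
<?php $app->printHiddenSession(); ?>
<?php /* The op value posted with the form is update_password. */ ?>
<input type="hidden" name="op" value="update_password" />
<table>
    <tr>
        <td class="sc-right"><label for="oldpassword"<?php $fv->err('oldpassword', ' class="error"'); ?>><?php echo _("Old password"); ?></label></td>
        <td>
            <input type="password" class="sc-medium" size="50" name="oldpassword" id="oldpassword" autocomplete="current-password" />
        </td>
    </tr>
    <tr>
        <td class="sc-right"><label for="newpassword"<?php $fv->err('newpassword', ' class="error"'); ?>><?php echo _("New password"); ?></label></td>
        <td>
            <input type="password" class="sc-medium" size="50" name="newpassword" id="newpassword" autocomplete="new-password" />
        </td>
    </tr>
    <tr>
<?php /* Second entry of the new password; the comparison itself is not done in this template. */ ?>
        <td class="sc-right"><label for="newpassword2"<?php $fv->err('newpassword2', ' class="error"'); ?>><?php echo _("New password again"); ?></label></td>
        <td>
            <input type="password" class="sc-medium" size="50" name="newpassword2" id="newpassword2" autocomplete="new-password" />
        </td>
    </tr>
    <tr>
        <td>&nbsp;</td>
        <td><input type="submit" value="<?php echo _("Change password"); ?>" /></td>
    </tr>
</table>
</form>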