From 971c526adedbef668df30fa809331fa39c93e5ee Mon Sep 17 00:00:00 2001
From: Ilia Ross
Date: Fri, 25 Apr 2025 11:39:27 +0300
Subject: [PATCH 1/3] Fix to lower the static delay for now
---
 forgot_send.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/forgot_send.cgi b/forgot_send.cgi
index 1c621af62..a207f8eaa 100755
--- a/forgot_send.cgi
+++ b/forgot_send.cgi
@@ -14,7 +14,7 @@ $remote_user && &error($text{'forgot_elogin'});
 # Slow down the rate of password reset requests (plus needs better check by IP
 # to limit the number of requests per IP in a given time period)
-sleep(3);
+sleep(1);
 # Lookup the Webmin user
 &foreign_require("acl");
From cc83641c11e28bcbbede960634650662f6f201ce Mon Sep 17 00:00:00 2001
From: Ilia Ross
Date: Fri, 25 Apr 2025 20:01:30 +0300
Subject: [PATCH 2/3] Add ability for themes to handle each "forgot_*" page
---
 WebminCore.pm | 2 +-
 forgot.cgi | 7 +++++--
 forgot_form.cgi | 2 ++
 forgot_send.cgi | 4 +++-
 4 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/WebminCore.pm b/WebminCore.pm
index d4342142f..cd743eccd 100644
--- a/WebminCore.pm
+++ b/WebminCore.pm
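Review bot: The `sleep(1);` in forgot_send.cgi is the only throttle on password-reset requests visible in this hunk, and a fixed per-request sleep does not bound how many requests one client can run in parallel, so cutting it from three seconds to one lowers the cost of flooding reset requests without anything taking its place. The comment above it already says a per-IP limit is needed; I would make the remaining gap explicit next to the call, e.g. `# TODO: count reset requests per IP and per target user; this sleep only slows a single connection`. Whether requests are counted or logged further down cannot be seen here, because the script continues outside the hunk.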
@@ -30,7 +30,7 @@ push(@EXPORT, qw(&unique));
 push(@EXPORT, qw($config_directory $var_directory $remote_error_handler %month_to_number_map %number_to_month_map $webmin_feedback_address $default_lang $default_charset $module_index_name $module_index_link %in $in @in $progress_callback_prefix $progress_callback_url $wait_for_debug $wait_for_input @matches $theme_no_table $webmin_logfile $pragma_no_cache));
 # Functions defined in themes
-push(@EXPORT, qw(&theme_post_save_domain &theme_post_save_domains &theme_post_save_server &theme_select_server &theme_select_domain &theme_post_save_folder &theme_post_change_modules &theme_address_button &theme_virtualmin_ui_rating_selector &theme_virtualmin_ui_show_cron_time &theme_virtualmin_ui_parse_cron_time &theme_virtualmin_ui_html_editor_bodytags &theme_virtualmin_ui_show_html_editor &theme_post_change_theme &theme_pre_change_theme &theme_fonts &theme_css_inline &theme_forgot_url));
+push(@EXPORT, qw(&theme_post_save_domain &theme_post_save_domains &theme_post_save_server &theme_select_server &theme_select_domain &theme_post_save_folder &theme_post_change_modules &theme_address_button &theme_virtualmin_ui_rating_selector &theme_virtualmin_ui_show_cron_time &theme_virtualmin_ui_parse_cron_time &theme_virtualmin_ui_html_editor_bodytags &theme_virtualmin_ui_show_html_editor &theme_post_change_theme &theme_pre_change_theme &theme_fonts &theme_css_inline &theme_forgot_url &theme_forgot_handler));
 $called_from_webmin_core = 1;
 do "web-lib.pl";
diff --git a/forgot.cgi b/forgot.cgi
index 2ea5933d8..28afe40b5 100755
--- a/forgot.cgi
+++ b/forgot.cgi
@@ -7,9 +7,12 @@ $no_acl_check++;
 $trust_unknown_referers = 1;
 &init_config();
 &ReadParse();
-$gconfig{'forgot_pass'} || &error($text{'forgot_ecannot'});
-my $forgot_timeout = 10;
+&load_theme_library();
+
 &error_setup($text{'forgot_err'});
+$gconfig{'forgot_pass'} || &error($text{'forgot_ecannot'});
+&theme_forgot_handler($0) if (defined(&theme_forgot_handler));
+my $forgot_timeout = 10;
 $remote_user && &error($text{'forgot_elogin'});
 # Check that the random ID is valid
diff --git a/forgot_form.cgi b/forgot_form.cgi
index 855523ebf..f4bf9c1b4 100755
--- a/forgot_form.cgi
+++ b/forgot_form.cgi
@@ -6,9 +6,11 @@ use WebminCore;
 $no_acl_check++;
 &init_config();
 &ReadParse();
+&load_theme_library();
 &error_setup($text{'forgot_err'});
 $gconfig{'forgot_pass'} || &error($text{'forgot_ecannot'});
+&theme_forgot_handler($0) if (defined(&theme_forgot_handler));
 $remote_user && &error($text{'forgot_elogin'});
 &ui_print_header(undef, $text{'forgot_title'}, "", undef, undef, 1, 1);
diff --git a/forgot_send.cgi b/forgot_send.cgi
index a207f8eaa..78c17081e 100755
--- a/forgot_send.cgi
+++ b/forgot_send.cgi
@@ -10,6 +10,7 @@ $no_acl_check++;
 &error_setup($text{'forgot_err'});
 $gconfig{'forgot_pass'} || &error($text{'forgot_ecannot'});
+&theme_forgot_handler($0) if (defined(&theme_forgot_handler));
 $remote_user && &error($text{'forgot_elogin'});
 # Slow down the rate of password reset requests (plus needs better check by IP
@@ -75,7 +76,8 @@ $link{'id'} || &error($text{'forgot_erandom'});
 &write_file("$main::forgot_password_link_dir/$link{'id'}", \%link);
 my $baseurl = &get_webmin_email_url();
 my $url = $baseurl.'/forgot.cgi?id='.&urlize($link{'id'});
-$url = &theme_forgot_url($baseurl, $link{'id'}) if (defined(&theme_forgot_url));
+$url = &theme_forgot_url($baseurl, $link{'id'}, $link{'user'})
+ if (defined(&theme_forgot_url));
 &ui_print_header(undef, $text{'forgot_title'}, "", undef, undef, 1, 1);
From 4f046c1d6db17293abf29e0712f38449c136f728 Mon Sep 17 00:00:00 2001
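Review bot: `&theme_forgot_handler($0)` in forgot.cgi runs before the `$remote_user` check and before the reset ID is validated, on a page that sets `$no_acl_check++` and `$trust_unknown_referers = 1`, so theme code is handed unauthenticated, request-controlled `%in`; the same call is added at the same point in forgot_form.cgi and forgot_send.cgi. Nothing in these hunks documents that contract or says whether the handler is expected to return or to finish the response itself. I would add a comment above each call such as `# Theme hook: runs before the login and ID checks; must treat %in as untrusted and must not bypass the checks below`. In forgot_send.cgi the hook also sits ahead of the rate-limiting sleep, so a handler that ends the request early would presumably skip it; the handler body is not on this page.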
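Review bot: In the last forgot_send.cgi hunk the default link passes the ID through `&urlize(...)`, but `&theme_forgot_url(...)` receives `$link{'id'}` and now `$link{'user'}` unescaped, so correct encoding of the reset link depends entirely on the theme. A comment on the call would make that explicit, e.g. `# Values are passed raw; the theme must URL-encode id and user itself`. If a theme places the username in the URL it will also show up wherever that link is logged or forwarded, which belongs in the hook's documentation. Themes that define the hook with two positional parameters should keep working, since plain Perl subs ignore extra arguments, unless they use signatures.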
From: Ilia Ross Date: Fri, 25 Apr 2025 23:58:06 +0300 Subject: [PATCH 3/3] Fix to quote escape labels --- servers/edit_serv.cgi | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/servers/edit_serv.cgi b/servers/edit_serv.cgi index 1ff119083..ff74cc84c 100755 --- a/servers/edit_serv.cgi +++ b/servers/edit_serv.cgi @@ -103,15 +103,17 @@ if ($access{'forcelink'}) { } else { # Login mode + my $qulbl = "e_escape($text{'edit_user'}, '"'); + my $qplbl = "e_escape($text{'edit_pass'}, '"'); my $linksel = &ui_radio("mode", $mode, [ [ 0, "$text{'edit_mode0'}
" ], [ 1, &text('edit_mode12', - &ui_textbox("wuser", $mode == 1 ? $s->{'user'} : "", 8, - undef, undef, " aria-label=\"$text{'edit_user'}\" ". - "placeholder=\"$text{'edit_user'}\""), - &ui_password("wpass", $s->{'pass'}, 8, undef, - undef, " aria-label=\"$text{'edit_pass'}\" ". - "placeholder=\"$text{'edit_pass'}\""))."
" ], + &ui_textbox("wuser", $mode == 1 ? $s->{'user'} : "", 8, + undef, undef, + " aria-label=\"$qulbl\" placeholder=\"$qulbl\""), + &ui_password("wpass", $s->{'pass'}, 8, undef, undef, + " aria-label=\"$qplbl\" placeholder=\"$qplbl\"")). + "
" ], [ 2, "$text{'edit_mode2'}
" ], ($access{'pass'} && !$main::session_id || $mode == 3 ? ( [ 3, "$text{'edit_mode3'}
".
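Review bot: The two added `my` lines escape the translated labels for use inside double-quoted attributes, but nothing says why, and `$qulbl`/`$qplbl` are hard to read next to `$linksel`. I would add `# Labels come from translation files and may contain double quotes; escape before embedding in aria-label/placeholder` above them and consider clearer names such as `$user_label_attr` and `$pass_label_attr`. The escaping covers only this attribute context; the same `%text` strings are still interpolated as-is into the radio option labels in this hunk, presumably on purpose because those strings may carry markup. The `else` block and the `&ui_radio(...)` call both continue past the end of the hunk.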