liquid_feedback_frontend
annotate app/main/index/_action/confirm_notify_email.lua @ 46:aaba4d28dd53
Added missing HTML encoding for page titles (security fix!)
| author | bsw |
|---|---|
| date | Mon Mar 15 03:04:19 2010 +0100 (2010-03-15) |
| parents | 8d91bccab0bf |
| children | 733f65c0c0a0 |
| rev | line source |
|---|---|
| bsw/jbe@6 | 1 local secret = param.get("secret") |
| bsw/jbe@6 | 2 |
| bsw/jbe@6 | 3 local member = Member:new_selector() |
| bsw/jbe@6 | 4 :add_where{ "notify_email_secret = ?", secret } |
| bsw/jbe@6 | 5 :add_where("notify_email_secret_expiry > now()") |
| bsw/jbe@6 | 6 :optional_object_mode() |
| bsw/jbe@6 | 7 :exec() |
| bsw/jbe@6 | 8 |
| bsw/jbe@6 | 9 if member then |
| bsw/jbe@6 | 10 member.notify_email = member.notify_email_unconfirmed |
| bsw/jbe@6 | 11 member.notify_email_unconfirmed = nil |
| bsw/jbe@6 | 12 member.notify_email_secret = nil |
| bsw/jbe@6 | 13 member:save() |
| bsw/jbe@6 | 14 slot.put_into("notice", _"Email address is confirmed now") |
| bsw/jbe@6 | 15 else |
| bsw/jbe@6 | 16 slot.put_into("error", _"Confirmation code invalid!") |
| bsw/jbe@6 | 17 return false |
| bsw/jbe@6 | 18 end |