iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixes #2522 use privacy-preserving verification message

Browse Source 
Replace the explicit "An email has been sent with a verification code" message with a privacy-preserving wording: "If your account exists, a verification code has been sent to your email address." This avoids account enumeration. Updated language entries in en_UK and fr_FR, the server-side message in password.php, and the password reset template.
This commit is contained in:
Linty
2026-02-12 17:25:50 +01:00
parent 74edc39995
commit b26ca3e08a
4 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
language/en_UK/common.lang.php
View File

@@ -518,7 +518,6 @@ $lang['Your API key will expire in %d days.'] = 'Your API key will expire in %d
$lang['To continue using the API, please renew your key before it expires.'] = 'To continue using the API, please renew your key before it expires.'; $lang['To continue using the API, please renew your key before it expires.'] = 'To continue using the API, please renew your key before it expires.';
$lang['You can manage your API keys in your <a href="%s">account settings.</a>'] = 'You can manage your API keys in your <a href="%s">account settings.</a>'; $lang['You can manage your API keys in your <a href="%s">account settings.</a>'] = 'You can manage your API keys in your <a href="%s">account settings.</a>';
$lang['Expert mode'] = 'Expert mode'; $lang['Expert mode'] = 'Expert mode';
$lang['An email has been sent with a verification code'] = 'An email has been sent with a verification code';
$lang['If you do not receive the email, please contact your webmaster.'] = 'If you do not receive the email, please contact your webmaster.'; $lang['If you do not receive the email, please contact your webmaster.'] = 'If you do not receive the email, please contact your webmaster.';
$lang['Verification code'] = 'Verification code'; $lang['Verification code'] = 'Verification code';
$lang['Verify'] = 'Verify'; $lang['Verify'] = 'Verify';
@@ -534,3 +533,4 @@ $lang['If this wasn\'t you, please change your password immediately or contact y
$lang['If you changed your password because you think it was stolen, we recommend revoking your %d API keys <a href="%s">in your profile</a>.'] = 'If you changed your password because you think it was stolen, we recommend revoking your %d API keys <a href="%s">in your profile</a>.'; $lang['If you changed your password because you think it was stolen, we recommend revoking your %d API keys <a href="%s">in your profile</a>.'] = 'If you changed your password because you think it was stolen, we recommend revoking your %d API keys <a href="%s">in your profile</a>.';
$lang['Too many attempts, please try later..'] = 'Too many attempts, please try later..'; $lang['Too many attempts, please try later..'] = 'Too many attempts, please try later..';
$lang['Verification successful! You can now choose a new password.'] = 'Verification successful! You can now choose a new password.'; $lang['Verification successful! You can now choose a new password.'] = 'Verification successful! You can now choose a new password.';
$lang['If your account exists, a verification code has been sent to your email address.'] = 'If your account exists, a verification code has been sent to your email address.';

2
language/fr_FR/common.lang.php
View File

@@ -517,7 +517,6 @@ $lang['Your API key will expire in %d days.'] = 'Votre clé API expirera dans %d
$lang['To continue using the API, please renew your key before it expires.'] = 'Pour continuer à utiliser l\'API, veuillez renouveler votre clé avant son expiration.'; $lang['To continue using the API, please renew your key before it expires.'] = 'Pour continuer à utiliser l\'API, veuillez renouveler votre clé avant son expiration.';
$lang['You can manage your API keys in your <a href="%s">account settings.</a>'] = 'Vous pouvez gérer vos clés API dans les <a href="%s">paramètres de votre compte.</a>'; $lang['You can manage your API keys in your <a href="%s">account settings.</a>'] = 'Vous pouvez gérer vos clés API dans les <a href="%s">paramètres de votre compte.</a>';
$lang['Expert mode'] = 'Mode expert'; $lang['Expert mode'] = 'Mode expert';
$lang['An email has been sent with a verification code'] = 'Un e-mail contenant un code de vérification vous a été envoyé';
$lang['If you do not receive the email, please contact your webmaster.'] = 'Si vous ne recevez pas cet e-mail, veuillez contacter votre webmaster.'; $lang['If you do not receive the email, please contact your webmaster.'] = 'Si vous ne recevez pas cet e-mail, veuillez contacter votre webmaster.';
$lang['Verification code'] = 'Code de vérification'; $lang['Verification code'] = 'Code de vérification';
$lang['Verify'] = 'Vérifier'; $lang['Verify'] = 'Vérifier';
@@ -533,3 +532,4 @@ $lang['If this wasn\'t you, please change your password immediately or contact y
$lang['If you changed your password because you think it was stolen, we recommend revoking your %d API keys <a href="%s">in your profile</a>.'] = 'Si vous avez changé votre mot de passe car vous pensez qu\'il a été volé, nous vous recommandons de révoquer vos %d clefs d\'API <a href="%s">sur votre profil</a>.'; $lang['If you changed your password because you think it was stolen, we recommend revoking your %d API keys <a href="%s">in your profile</a>.'] = 'Si vous avez changé votre mot de passe car vous pensez qu\'il a été volé, nous vous recommandons de révoquer vos %d clefs d\'API <a href="%s">sur votre profil</a>.';
$lang['Too many attempts, please try later..'] = 'Trop de tentatives, veuillez réessayer plus tard..'; $lang['Too many attempts, please try later..'] = 'Trop de tentatives, veuillez réessayer plus tard..';
$lang['Verification successful! You can now choose a new password.'] = 'Vérification réussie ! Vous pouvez maintenant choisir un nouveau mot de passe.'; $lang['Verification successful! You can now choose a new password.'] = 'Vérification réussie ! Vous pouvez maintenant choisir un nouveau mot de passe.';
$lang['If your account exists, a verification code has been sent to your email address.'] = 'Si votre compte existe, un code de vérification a été envoyé à votre adresse email.';

2
password.php
View File

@@ -360,7 +360,7 @@ if (isset($_POST['submit']))
{ {
if (process_verification_code()) if (process_verification_code())
{ {
$page['infos'][] = l10n('An email has been sent with a verification code'); $page['infos'][] = l10n('If your account exists, a verification code has been sent to your email address.');
$page['action'] = 'lost_code'; $page['action'] = 'lost_code';
} }
} }

2
themes/standard_pages/template/password.tpl
View File

@@ -114,7 +114,7 @@
</div> </div>
{elseif $action eq 'lost_code'} {elseif $action eq 'lost_code'}
<span class="success-message"><i class="gallery-icon-ok-circled"></i>{'An email has been sent with a verification code'|translate}</span> <span class="success-message"><i class="gallery-icon-ok-circled"></i>{'If your account exists, a verification code has been sent to your email address.'|translate}</span>
<div class="column-flex"> <div class="column-flex">
<label for="user_code">{'Verification code'|@translate}</label> <label for="user_code">{'Verification code'|@translate}</label>
<div class="row-flex input-container"> <div class="row-flex input-container">