CI3-beta: Hardcoded English texts.
Closed this issue · 4 comments
ci3-beta/application/controllers/account/Forgot_password.php
The callback validation rule check_username_or_email() contains the texts 'Invalid e-mail address format' and 'Invalid username format' that are not covered by the translation system.
Offtopic:
The method check_username_or_email() can be renamed to _check_username_or_email(), so that it is not exposed to the browser. The corresponding callback rule would then have the name 'callback__check_username_or_email'.
Thanks, will fix that.
As for it being accessible to browser, I believe it is for some AJAX request. I will have to double check that.
http://localhost/a3m/account/forgot_password/check_username_or_email
This link should not be accessible by the browser. This is achieved by adding an underscore prefix to the method name. EDIT: And after the correction, Error 404 should be shown. The error messages now reveal sensitive data about actual directory locations.
After the fix I get 404.
I think I got them all by now, but I'll leave this open for a little bit longer just in case.
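An added example, not part of the thread or of the project's code: a small Python audit that finds CodeIgniter 3 validation callbacks that are public methods without the underscore prefix discussed above, and so are also served as URL segments. The two controller snippets, including the field name and labels, are constructed samples; only the method and rule names come from the issue.

```python
import re

# Rule strings such as 'trim|required|callback_check_username_or_email'
CALLBACK_RULE = re.compile(r"callback_(\w+)")
# Method definitions; a PHP method with no visibility keyword is public
METHOD_DEF = re.compile(
    r"(?:(public|protected|private)\s+)?(?:static\s+)?function\s+(\w+)\s*\(",
    re.I)

def url_reachable_callbacks(php_source):
    """Return callback methods that CI3 would also route from a URL."""
    public = set()
    for m in METHOD_DEF.finditer(php_source):
        if (m.group(1) or "public").lower() == "public":
            public.add(m.group(2))
    callbacks = set(CALLBACK_RULE.findall(php_source))
    # CI3 refuses to route methods whose name starts with an underscore
    return sorted(n for n in callbacks
                  if n in public and not n.startswith("_"))

def suggested_fix(method):
    """New method name and the matching rule (note the double underscore)."""
    return "_" + method, "callback__" + method

# Constructed sample: controller before the rename
BEFORE = r"""
class Forgot_password extends CI_Controller {
    function index() {
        $this->form_validation->set_rules('username_email', 'Username',
            'trim|required|callback_check_username_or_email');
    }
    public function check_username_or_email($str) { return TRUE; }
}
"""

# Constructed sample: controller after the rename
AFTER = r"""
class Forgot_password extends CI_Controller {
    function index() {
        $this->form_validation->set_rules('username_email', 'Username',
            'trim|required|callback__check_username_or_email');
    }
    public function _check_username_or_email($str) { return TRUE; }
}
"""

if __name__ == "__main__":
    for label, src in (("before", BEFORE), ("after", AFTER)):
        for name in url_reachable_callbacks(src):
            print(label, name, "->", suggested_fix(name))
```

The scan is text-based, so it only sees callbacks whose rule string and method sit in the same controller file.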