donjakobo/A3M

CI3-beta: Hardcoded English texts.

Closed this issue · 4 comments

ci3-beta/application/controllers/account/Forgot_password.php

The callback validation rule check_username_or_email() contains the texts 'Invalid e-mail address format' and 'Invalid username format' that are not covered by the translation system.

Offtopic:

The method check_username_or_email() can be renamed to _check_username_or_email(), so that it is not exposed to the browser. The corresponding callback rule would then have the name 'callback__check_username_or_email'.

Thanks, will fix that.

As for it being accessible to the browser, I believe it is for some AJAX request. I will have to double check that.

http://localhost/a3m/account/forgot_password/check_username_or_email

This link should not be accessible by the browser. It is achieved by putting an underscore prefix to the method name. EDIT: And after the correction Error 404 should be shown. The error messages now reveal sensitive data about actual directory locations.

After the fix I get 404.

I think I got them all by now, but I'll leave this open for a little bit longer just in case.
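The two changes discussed in this thread, as an added sketch that is not the project's own code: the callback gets a leading underscore so CodeIgniter 3 routing answers 404 for it, and its messages come from a language file. The language file name, the language keys, the field name and the view path are assumptions.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Added sketch; 'account' language file, its keys, the field name and the view are hypothetical.
class Forgot_password extends CI_Controller {

    public function __construct()
    {
        parent::__construct();
        $this->load->library('form_validation');
        $this->lang->load('account'); // hypothetical language file
    }

    public function index()
    {
        // Two underscores: the "callback_" prefix plus the method's own leading underscore.
        $this->form_validation->set_rules(
            'username_email',                                    // hypothetical field name
            $this->lang->line('forgot_password_username_email'), // hypothetical key
            'trim|required|callback__check_username_or_email'
        );

        if ($this->form_validation->run() === FALSE) {
            $this->load->view('account/forgot_password'); // hypothetical view
            return;
        }
        // ... the password reset flow continues here
    }

    // Stays public so Form_validation can call it; the underscore prefix keeps
    // /account/forgot_password/_check_username_or_email from being routable.
    public function _check_username_or_email($str)
    {
        if (strpos($str, '@') !== FALSE) {
            $ok  = $this->form_validation->valid_email($str);
            $key = 'forgot_password_invalid_email';    // hypothetical key
        } else {
            $ok  = $this->form_validation->alpha_dash($str);
            $key = 'forgot_password_invalid_username'; // hypothetical key
        }

        if ( ! $ok) {
            // The message is registered under the method name, without "callback_".
            $this->form_validation->set_message('_check_username_or_email', $this->lang->line($key));
        }
        return (bool) $ok;
    }
}
```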