New landing

XSS vulnerabilities fix
David 2018-02-02 10:52:55 +01:00
parent ac6a5c1667
commit f73be8dba4
5 changed files with 73 additions and 28 deletions


@ -332,17 +332,17 @@ $(function(){ldelim}
</p>*}
<p class="required text">
<label for="customer_firstname">{l s='First name'}</label>
<input onkeyup="$('#firstname').val(this.value);" type="text" class="text" id="customer_firstname" name="customer_firstname" value="{if isset($smarty.request.customer_firstname)}{$smarty.request.customer_firstname}{/if}" />
<input onkeyup="$('#firstname').val(this.value);" type="text" class="text" id="customer_firstname" name="customer_firstname" value="{if isset($smarty.request.customer_firstname)}{$smarty.request.customer_firstname|escape:'htmlall':'UTF-8'|stripslashes}{/if}" />
<sup>*</sup>
</p>
<p class="required text">
<label for="customer_lastname">{l s='Last name'}</label>
<input onkeyup="$('#lastname').val(this.value);" type="text" class="text" id="customer_lastname" name="customer_lastname" value="{if isset($smarty.request.customer_lastname)}{$smarty.request.customer_lastname}{/if}" />
<input onkeyup="$('#lastname').val(this.value);" type="text" class="text" id="customer_lastname" name="customer_lastname" value="{if isset($smarty.request.customer_lastname)}{$smarty.request.customer_lastname|escape:'htmlall':'UTF-8'|stripslashes}{/if}" />
<sup>*</sup>
</p>
<p class="required text">
<label for="email">{l s='E-mail'}</label>
<input type="text" class="text" id="email" name="email" value="{if isset($smarty.request.email)}{$smarty.request.email}{/if}" />
<input type="text" class="text" id="email" name="email" value="{if isset($smarty.request.email)}{$smarty.request.email|escape:'htmlall':'UTF-8'|stripslashes}{/if}" />
<sup>*</sup>
</p>
<p class="required password">
@ -393,7 +393,7 @@ $(function(){ldelim}
<p class="required text">
<label for="dni">{l s='Identification number'}</label>
<input type="text" class="text" name="dni" id="dni" value="{if isset($smarty.post.dni)}{$smarty.post.dni}{/if}" />
<input type="text" class="text" name="dni" id="dni" value="{if isset($smarty.post.dni)}{$smarty.post.dni|escape:'htmlall':'UTF-8'|stripslashes}{/if}" />
<span class="form_info">{l s='DNI / NIF / NIE'}</span>
<sup>*</sup>
</p>
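Review bot: The modifier chain on the three `$smarty.request` inputs and on `dni` ends in `stripslashes`, so the HTML-encoded value is still post-processed after escaping; the encoder should be the last step, e.g. `{$smarty.request.email|stripslashes|escape:'htmlall':'UTF-8'}`. With `htmlall` I do not see this undoing the encoding, since the entities it emits contain no backslashes, but keeping the escape last means that stays true if the chain is edited later. The second template in this commit uses the same order. The fix is also applied field by field and the form continues outside both hunks, so any other `$smarty.request` or `$smarty.post` value echoed there needs the same modifier.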


@ -371,20 +371,20 @@ $(document).ready(function() {
<label for="id_gender2" class="top">{l s='Ms.'}</label>
</p>*}
<p class="required text">
<label for="customer_firstname">{l s='First name'} <sup>*</sup></label>
<input onkeyup="$('#firstname').val(this.value);" type="text" class="text" id="customer_firstname" name="customer_firstname" value="{if isset($smarty.request.customer_firstname)}{$smarty.request.customer_firstname}{/if}" />
{*<label for="customer_firstname">{l s='First name'} <sup>*</sup></label>*}
<input placeholder="{l s='First name'}" onkeyup="$('#firstname').val(this.value);" type="text" class="text" id="customer_firstname" name="customer_firstname" value="{if isset($smarty.request.customer_firstname)}{$smarty.request.customer_firstname|escape:'htmlall':'UTF-8'|stripslashes}{/if}" />
</p>
<p class="required text">
<label for="customer_lastname">{l s='Last name'} <sup>*</sup></label>
<input onkeyup="$('#lastname').val(this.value);" type="text" class="text" id="customer_lastname" name="customer_lastname" value="{if isset($smarty.request.customer_lastname)}{$smarty.request.customer_lastname}{/if}" />
{*<label for="customer_lastname">{l s='Last name'} <sup>*</sup></label>*}
<input placeholder="{l s='Last name'}" onkeyup="$('#lastname').val(this.value);" type="text" class="text" id="customer_lastname" name="customer_lastname" value="{if isset($smarty.request.customer_lastname)}{$smarty.request.customer_lastname|escape:'htmlall':'UTF-8'|stripslashes}{/if}" />
</p>
<p class="required text">
<label for="email">{l s='E-mail'} <sup>*</sup></label>
<input type="text" class="text" id="email" name="email" value="{if isset($smarty.request.email)}{$smarty.request.email}{/if}" />
{*<label for="email">{l s='E-mail'} <sup>*</sup></label>*}
<input placeholder="{l s='E-mail'}" type="text" class="text" id="email" name="email" value="{if isset($smarty.request.email)}{$smarty.request.email|escape:'htmlall':'UTF-8'|stripslashes}{/if}" />
</p>
<p class="required password">
<label for="passwd">{l s='Password'} <sup>*</sup></label>
<input type="password" class="text" name="passwd" id="passwd" />
{*<label for="passwd">{l s='Password'} <sup>*</sup></label>*}
<input placeholder="{l s='Password'}" type="password" class="text" name="passwd" id="passwd" />
{*<span class="form_info">{l s='(5 characters min.)'}</span>*}
</p>
{*<p class="select">
@ -429,7 +429,7 @@ $(document).ready(function() {
<p class="required text">
<label for="dni">{l s='Identification number'} <sup>*</sup></label>
<input type="text" class="text" name="dni" id="dni" value="{if isset($smarty.post.dni)}{$smarty.post.dni}{/if}" />
<input type="text" class="text" name="dni" id="dni" value="{if isset($smarty.post.dni)}{$smarty.post.dni|escape:'htmlall':'UTF-8'|stripslashes}{/if}" />
<span class="form_info">{l s='DNI / NIF / NIE'}</span>
<sup>*</sup>
</p>
@ -451,7 +451,7 @@ $(document).ready(function() {
</p>*}
{/if}
</fieldset>
<div class="cart_navigation required submit clearfix">
<div class="required submit clearfix">
<input type="hidden" name="email_create" value="1" />
<input type="hidden" name="is_new_customer" value="1" />
<input type="hidden" class="hidden" name="back" value="{$smarty.const.__PS_BASE_URI__}validation.php" />
@ -459,7 +459,8 @@ $(document).ready(function() {
<sup>*</sup>{l s='Required field'}
</span>
<div class="gradient">
<input type="submit" name="submitAccount" id="submitAccount" value="{l s='Register'}" class="exclusive" onclick="if($('#newsletter:checked').length == 0) { alert('{l s='Please accept our terms of use to continue' js=1}'); return false; }" />
{*<input type="submit" name="submitAccount" id="submitAccount" value="{l s='Register'}" class="exclusive" onclick="if($('#newsletter:checked').length == 0) { alert('{l s='Please accept our terms of use to continue' js=1}'); return false; }" />*}
<button type="submit" name="submitAccount" id="submitAccount" class="exclusive" onclick="if($('#newsletter:checked').length == 0) { alert('{l s='Please accept our terms of use to continue' js=1}'); return false; }">{l s='Register'}<span class="icon-suivant"></span></button>
</div>
</div>
{$HOOK_CREATE_ACCOUNT_FORM_BOTTOM}
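Review bot: The new `<button id="submitAccount">` carries the inline `onclick` handler over from the old `<input>`, and the name fields keep their inline `onkeyup`, so this page cannot be served under a Content-Security-Policy without `unsafe-inline`, which would otherwise be a useful second layer against the reflected XSS this commit fixes. The hunk headers suggest the template already has a `$(document).ready(function() {` block; the terms check could be bound there with `$('#submitAccount').click(...)`, with the message taken from the same `{l s='Please accept our terms of use to continue' js=1}` string. Separately, the labels are now hidden inside `{* ... *}` comments and replaced by `placeholder` text only, which leaves the inputs without an accessible name; keeping the `<label>` and hiding it visually would avoid that. The form starts and ends outside the visible hunks.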


@ -2252,7 +2252,7 @@ body#module-advsendtoafriend-sendtoafriend-form p.submit{
overflow: auto;
}
body#module-advsendtoafriend-sendtoafriend-form input#submitAddtoafriend,
body#authentication input#submitAccount,
body#authentication button#submitAccount,
body#identity .submit input[type=submit],
body#module-invite-invite-program input#revive,
body#module-invite-invite-program input[type=submit],
@ -2265,7 +2265,7 @@ body#module-invite-invite-program input[type=submit],
border:0px none;
position:relative;
right:0px;
border-radius:0px !important;
border-radius:0px;
background: #565485
}
body#addresses .footer_links a{
@ -3226,13 +3226,16 @@ body#module-invite-invite-program #idTab1 p.bold.message{
border-bottom:2px solid #e36ea2;
padding:10px;
}
body#authentication #columns .content #center_column #account-creation_form p.checkbox,
body#password p.checkbox,
body#identity p.checkbox,
body#order p.checkbox,
body#module-invite-invite-program #idTab1 p.checkbox{
display: table-row;
}
body#authentication #columns .content #center_column #account-creation_form p.checkbox{
display: block;
margin: 17px 0;
}
body#authentication #columns .content #center_column #account-creation_form p.checkbox span,
body#password p.checkbox span,
body#identity p.checkbox span,
@ -3386,17 +3389,19 @@ body#authentication #columns .content #center_column #account-creation_form .acc
body#authentication #columns .content #center_column #account-creation_form{
font-size:14px;
}
body#authentication #columns .content #center_column #account-creation_form p.checkbox .input,
body#authentication #columns .content #center_column #account-creation_form p.checkbox .condition{
body#authentication #columns .content #center_column #account-creation_form p.checkbox .input{
padding-top:10px;
}
body#authentication #columns .content #center_column #account-creation_form p.checkbox .condition{
}
body#authentication span.required_info{
display: block;
color:#e36ea2;
padding-bottom:20px;
display: none;
}
body#authentication form#account-creation_form .cart_navigation div.gradient{
float:right;
text-align: center;
width: 60%;
}
body#discount table.discount tr{
@ -5366,3 +5371,42 @@ body#order-detail table#order-product tbody tr.item tr.title span.quantity{
right: 0;
z-index: 8;
}
#authentication #account-creation_container{
width: 80%;
margin: 0 auto;
}
#authentication #account-creation_container input[type=email],
#authentication #account-creation_container input[type=text],
#authentication #account-creation_container input[type=password]{
background: #f0f0f0;
border: none;
font-family: Century Gothic,CenturyGothic,AppleGothic,sans-serif;
}
#authentication #account-creation_container input::placeholder
{
color: #a6a6a6;
}
#authentication #account-creation_container p.text,
#authentication #account-creation_container p.password{
border-bottom: 1px solid #565385;
margin-bottom: 12px;
padding-bottom: 1px;
}
#authentication #account-creation_container p.checkbox .condition label{
color: #565385;
font-family: Century Gothic,CenturyGothic,AppleGothic,sans-serif;
text-align: justify;
text-justify: inter-word;
font-size: smaller;
}
body#authentication .gradient button#submitAccount{
background:#e36ea2;
-webkit-border-radius: 5px;
-moz-border-radius: 5px;
border-radius: 5px;
}
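Review bot: The rule `body#authentication form#account-creation_form .cart_navigation div.gradient` is still being edited here, but the template section of this commit changes the wrapper to `<div class="required submit clearfix">`, without `cart_navigation`, so unless another template still uses that class the selector no longer matches the registration form. Please confirm which template the rule is meant for and either retarget it (for example to `.submit div.gradient`) or drop it. The new block also styles `input[type=email]`, while the e-mail fields in the templates are `type="text"`, and the now-empty `p.checkbox .condition{ }` rule can be removed.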


@ -97,7 +97,7 @@ $_LANG['authentication_a0bfb8e59e6c13fc8d990781f77694fe'] = 'Continuer';
$_LANG['authentication_6335a00a08fde0fbb8f6d6630cdadd92'] = 'Inscrivez-vous, c\'est gratuit !';
$_LANG['authentication_1e884e3078d9978e216a027ecd57fb34'] = 'E-mail';
$_LANG['authentication_bf2957630c4209f61a388a08c2154915'] = '(5 caractères min.)';
$_LANG['authentication_0ba7583639a274c434bbe6ef797115a4'] = 'S\'inscrire';
$_LANG['authentication_0ba7583639a274c434bbe6ef797115a4'] = 'Je crée mon compte';
$_LANG['authentication_59e7ac55563a4f1fff63c9179e6c8937'] = 'Veuillez accepter nos conditions d\'utilisation pour continuer';
$_LANG['best-sales_3cb29f0ccc5fd220a97df89dafe46290'] = 'Meilleures ventes';
$_LANG['best-sales_32af07c9205de16855c50c3d20a51698'] = 'Pas de meilleure vente pour le moment.';


@ -1,7 +1,7 @@
<fieldset class="account_creation" {if isset($sponsor_email)} style="display:none;" {/if}>
<p>
<label for="referralprogram">{l s='E-mail address of your sponsor' mod='invite'}</label>
<input type="text" size="52" maxlength="128" class="text" id="referralprogram" name="invite" value="{if isset($sponsor_email)}{$sponsor_email|escape:'htmlall':'UTF-8'}{elseif isset($smarty.post.invite)}{$smarty.post.invite|escape:'htmlall':'UTF-8'}{elseif isset($referralprogram)}{$referralprogram|escape:'htmlall':'UTF-8'}{/if}" />
<p class="text">
{*<label for="referralprogram">{l s='E-mail address of your sponsor' mod='invite'}</label>*}
<input placeholder="{l s='E-mail address of your sponsor' mod='invite'}" type="text" size="52" maxlength="128" class="text" id="referralprogram" name="invite" value="{if isset($sponsor_email)}{$sponsor_email|escape:'htmlall':'UTF-8'}{elseif isset($smarty.post.invite)}{$smarty.post.invite|escape:'htmlall':'UTF-8'}{elseif isset($referralprogram)}{$referralprogram|escape:'htmlall':'UTF-8'}{/if}" />
</p>
</fieldset>
{if isset($tag_auth)}{$tag_auth}{/if}
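Review bot: `{$tag_auth}` on the last line is still emitted without any modifier, while every other value in this fieldset goes through `escape:'htmlall':'UTF-8'`. Where it is assigned is not visible from this hunk; if it is markup built by the module, a comment such as `{* $tag_auth is module-generated markup, intentionally not escaped *}` would record that for the next audit, and if any part of it comes from the request it needs escaping at the point where it is built. The `<label>` is also replaced here by a `placeholder` only, so the sponsor e-mail input has no accessible name.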