mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-20 10:23:12 +00:00
f4c9ac19cf
This override Django Contrib Auth templates to make them more integrated with the user site. More precisely the breadcrumb now redirects to the index page rather to the Django Contrib Admin index page. *It also fix a security vulnerability in Re2o.* Without this patch users are able to request for a new password AND the existing login name. So just with access to someone mail, it would be possible to hack into his account. And yes, Re2o implements another password system. But this one is not disabled (see by yourself : https://intranet.crans.org/password_reset/). This also is part of the Aube patch-set for Re2o and one of Aube goal is to drop the custom admin password reset system and use the Django Contrib Auth one.
13 lines
359 B
HTML
13 lines
359 B
HTML
{% extends "registration/password_change_form.html" %}
|
|
{% comment %}
|
|
SPDX-License-Identifier: GPL-2.0-or-later
|
|
|
|
Copyright © 2019 Alexandre Iooss
|
|
{% endcomment %}
|
|
{% load i18n %}
|
|
|
|
{% block breadcrumbs %}
|
|
<div class="breadcrumbs">
|
|
<a href="{% url 'index' %}">{% trans 'Home' %}</a> › {% trans 'Password change' %}
|
|
</div>
|
|
{% endblock %}
|