Use GET instead of QUERY_STRING

author: Lukas Reschke <lukas@statuscode.ch> 2013-01-19 19:34:36 +0100
committer: Lukas Reschke <lukas@statuscode.ch> 2013-01-19 19:34:40 +0100
commit: c05c8ab077152ccce23e759cdd364ec0d5db5a71 (patch)
tree: a011e7a67f894304910e1083c25540e2bc4a97e1
parent: 6f488e1684c3d7b821cc5d290cd2118e6b8d64af (diff)
download: nextcloud-server-c05c8ab077152ccce23e759cdd364ec0d5db5a71.tar.gz
nextcloud-server-c05c8ab077152ccce23e759cdd364ec0d5db5a71.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/core/lostpassword/templates/resetpassword.php b/core/lostpassword/templates/resetpassword.php
index 56257de7f13..67094e073e1 100644
--- a/core/lostpassword/templates/resetpassword.php
+++ b/core/lostpassword/templates/resetpassword.php
@@ -1,4 +1,4 @@
-<form action="<?php echo 'resetpassword.php?'.$_SERVER['QUERY_STRING']; ?>" method="post">
+<form action="<?php echo 'resetpassword.php?user='.htmlentities($_GET['user']).'&token='.htmlentities($_GET['token']); ?>" method="post">
 	<fieldset>
 		<?php if($_['success']): ?>
 			<h1><?php echo $l->t('Your password was reset'); ?></h1>
author	Lukas Reschke <lukas@statuscode.ch>	2013-01-19 19:34:36 +0100
committer	Lukas Reschke <lukas@statuscode.ch>	2013-01-19 19:34:40 +0100
commit	c05c8ab077152ccce23e759cdd364ec0d5db5a71 (patch)
tree	a011e7a67f894304910e1083c25540e2bc4a97e1
parent	6f488e1684c3d7b821cc5d290cd2118e6b8d64af (diff)
download	nextcloud-server-c05c8ab077152ccce23e759cdd364ec0d5db5a71.tar.gz nextcloud-server-c05c8ab077152ccce23e759cdd364ec0d5db5a71.zip