Fix merge errors

This commit is contained in:
Sebastiaan Janssen
2017-01-21 19:16:11 +01:00
parent e8565650e4
commit b3b01021d7
3 changed files with 24 additions and 5 deletions
@@ -1,11 +1,12 @@
@using OurUmbraco.Our.Controllers
@using reCAPTCHA.MVC
@inherits UmbracoViewPage<Umbraco.Web.Models.LoginModel>
@{
Html.EnableClientValidation(true);
Html.EnableUnobtrusiveJavaScript(true);
}
@if (TempData["Success"] == null)
@if (Request.QueryString["success"] == null)
{
<div class="form simpleForm" id="registrationForm">
@using (Html.BeginUmbracoForm<LoginController>("ForgotPassword"))
@@ -22,6 +23,12 @@
</p>
</fieldset>
<fieldset>
<p>
@Html.Recaptcha()
@Html.ValidationMessage("ReCaptcha")
</p>
</fieldset>
<input class="button green" type="submit" value="Retrieve password">
}
</div>
@@ -1,11 +1,12 @@
@using OurUmbraco.Our.Controllers
@using reCAPTCHA.MVC
@inherits UmbracoViewPage<Umbraco.Web.Models.LoginModel>
@{
Html.EnableClientValidation(true);
Html.EnableUnobtrusiveJavaScript(true);
}
<fi class="form simpleForm" id="registrationForm">
<div class="form simpleForm" id="registrationForm">
@using (Html.BeginUmbracoForm<LoginController>("Login"))
{
@Html.ValidationSummary(true)
@@ -13,7 +14,7 @@
<fieldset>
<p>
@Html.LabelFor(m => m.Username, new { @cless = "inputLabel" })<br />
@Html.LabelFor(m => m.Username, new { @class = "inputLabel" })<br />
@Html.ValidationMessageFor(m => m.Username)
@Html.TextBoxFor(m => m.Username, new { @class = "email title" })
@@ -22,9 +23,15 @@
<fieldset>
<p>
@Html.LabelFor(m => m.Password, new { @cless = "inputLabel" })<br />
@Html.LabelFor(m => m.Password, new { @class = "inputLabel" })<br />
@Html.ValidationMessageFor(m => m.Password)
@Html.PasswordFor(m => m.Password, new { @cless = "password title" })
@Html.PasswordFor(m => m.Password, new { @class = "password title" })
</p>
</fieldset>
<fieldset>
<p>
@Html.Recaptcha()
@Html.ValidationMessage("ReCaptcha")
</p>
</fieldset>
@@ -13,6 +13,11 @@ namespace OurUmbraco.Our.Controllers
[ChildActionOnly]
public ActionResult Render(string q, string cat = "", string order = "", int fid = 0, bool solved = false, bool replies = false)
{
// A particular SQL injection attack uses this query which takes very long to process, turning it into and easy DOS attack
// /search?q=999999.9' /**/uNiOn/**/aLl /**/sElEcT 0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x39313335313435363231312e39,0x39313335313435363231322e39,0x39313335313435363231332e39,0x39313335313435363231342e39,0x39313335313435363231352e39 and '0'='0--
if (q.Contains("0x393133353134353632392e39"))
Response.Redirect("/search?q=");
var umbracoPage = UmbracoContext.PublishedContentRequest.PublishedContent;
var nodeTypeAlias = cat;