From 1575cdb1545006f58a715ed7acd296e73fe6f2ec Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Wed, 12 May 2021 09:35:42 +0200
Subject: [PATCH 1/5] remove old call of sanitizeString()

---
 views/bootstrap/class.Login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/views/bootstrap/class.Login.php b/views/bootstrap/class.Login.php
index 8cfa31ff4..eaa0277c7 100644
--- a/views/bootstrap/class.Login.php
+++ b/views/bootstrap/class.Login.php
@@ -123,7 +123,7 @@ $(document).ready( function() {
 <form class="form-horizontal" action="../op/op.Login.php" method="post" name="form1" id="form">
 <?php
 		if ($refer) {
-			echo "<input type='hidden' name='referuri' value='".sanitizeString($refer)."'/>";
+			echo "<input type='hidden' name='referuri' value='".htmlspecialchars($refer)."'/>";
 		}
 		$this->formField(
 			getMLText("user_login"),

From c60f8f660da431ac0232611d44826e520a0db410 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Wed, 12 May 2021 09:36:39 +0200
Subject: [PATCH 2/5] fix layout

---
 views/bootstrap/class.ChangePassword.php      | 14 +++++---------
 views/bootstrap/class.ForcePasswordChange.php |  4 ++--
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/views/bootstrap/class.ChangePassword.php b/views/bootstrap/class.ChangePassword.php
index 158f8e462..16fb77807 100644
--- a/views/bootstrap/class.ChangePassword.php
+++ b/views/bootstrap/class.ChangePassword.php
@@ -61,17 +61,13 @@ document.form1.newpassword.focus();
 		$this->contentContainerStart();
 		$this->formField(
 			getMLText("password"),
-			'<input class="pwd" type="password" rel="strengthbar" name="newpassword" id="password">'
+			'<input class="pwd form-control" type="password" rel="strengthbar" name="newpassword" id="password">'
 		);
 		if($passwordstrength > 0) {
-?>
-		<div class="control-group">
-			<label class="control-label"><?php printMLText("password_strength");?>:</label>
-			<div class="controls">
-				<div id="strengthbar" class="progress" style="width: 220px; height: 30px; margin-bottom: 8px;"><div class="bar bar-danger" style="width: 0%;"></div></div>
-			</div>
-		</div>
-<?php
+			$this->formField(
+				getMLText("password_strength"),
+				'<div id="strengthbar" class="progress" style="_width: 220px; height: 30px; margin-bottom: 8px;"><div class="bar bar-danger" style="width: 0%;"></div></div>'
+			);
 		}
 		$this->formField(
 			getMLText("confirm_pwd"),
diff --git a/views/bootstrap/class.ForcePasswordChange.php b/views/bootstrap/class.ForcePasswordChange.php
index c1bf33a31..21fa72f76 100644
--- a/views/bootstrap/class.ForcePasswordChange.php
+++ b/views/bootstrap/class.ForcePasswordChange.php
@@ -93,12 +93,12 @@ $(document).ready( function() {
 		);
 		$this->formField(
 			getMLText("new_password"),
-			'<input class="pwd" type="password" rel="strengthbar" id="pwd" name="pwd" size="30">'
+			'<input class="pwd form-control" type="password" rel="strengthbar" id="pwd" name="pwd">'
 		);
 		if($passwordstrength) {
 			$this->formField(
 				getMLText("password_strength"),
-				'<div id="strengthbar" class="progress" style="width: 220px; height: 30px; margin-bottom: 8px;"><div class="bar bar-danger" style="width: 0%;"></div></div>'
+				'<div id="strengthbar" class="progress" style="_width: 220px; height: 30px; margin-bottom: 8px;"><div class="bar bar-danger" style="width: 0%;"></div></div>'
 			);
 		}
 		$this->formField(

From 1e20ddcddfad352dca587e5f3ea23fcdefdf83cb Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Wed, 12 May 2021 09:37:06 +0200
Subject: [PATCH 3/5] remove SeedDMS_AccessOperation

---
 out/out.PasswordSend.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/out/out.PasswordSend.php b/out/out.PasswordSend.php
index 2c45ad807..c4ad611ee 100644
--- a/out/out.PasswordSend.php
+++ b/out/out.PasswordSend.php
@@ -23,6 +23,7 @@ if(!isset($settings))
 require_once("inc/inc.LogInit.php");
 require_once("inc/inc.Language.php");
 require_once("inc/inc.Init.php");
+require_once("inc/inc.DBInit.php");
 require_once("inc/inc.Extension.php");
 require_once("inc/inc.ClassUI.php");
 
@@ -35,9 +36,7 @@ if (isset($_REQUEST["referuri"]) && strlen($_REQUEST["referuri"])>0) {
 }
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $view = UI::factory($theme, $tmp[1], array('referrer'=>$referrer));
-$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings);
 if($view) {
-	$view->setParam('accessobject', $accessop);
 	$view->setParam('referrer', $referrer);
 	$view($_GET);
 }

From 67511017bd1e06ce097c081cd7df75c29a93dc28 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Wed, 12 May 2021 09:37:27 +0200
Subject: [PATCH 4/5] remove SeedDMS_AccessOperation

---
 out/out.ChangePassword.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/out/out.ChangePassword.php b/out/out.ChangePassword.php
index 48003a9b9..35baaff55 100644
--- a/out/out.ChangePassword.php
+++ b/out/out.ChangePassword.php
@@ -44,8 +44,6 @@ if (isset($_REQUEST["hash"]) && strlen($_REQUEST["hash"])>0) {
 
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'referuri'=>$referuri, 'hash'=>$hash, 'passwordstrength'=>$settings->_passwordStrength));
-$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings);
 if($view) {
-	$view->setParam('accessobject', $accessop);
 	$view($_GET);
 }

From 9a417a94600bc2c2612cb41975666787b4e84c8e Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Wed, 12 May 2021 09:37:48 +0200
Subject: [PATCH 5/5] include inc/inc.ClassAccessOperation.php

---
 op/op.ChangePassword.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/op/op.ChangePassword.php b/op/op.ChangePassword.php
index f2c9aa5ca..da4c6f32c 100644
--- a/op/op.ChangePassword.php
+++ b/op/op.ChangePassword.php
@@ -27,6 +27,7 @@ include("../inc/inc.Extension.php");
 include("../inc/inc.ClassSession.php");
 include("../inc/inc.DBInit.php");
 include("../inc/inc.ClassUI.php");
+require_once("../inc/inc.ClassAccessOperation.php");
 
 function _printMessage($heading, $message) {