From e357d1cb91b5979a09bd9d75facb3a61dfadb7f3 Mon Sep 17 00:00:00 2001
From: billchenchina <billchenchina2001@gmail.com>
Date: Thu, 9 Sep 2021 21:38:08 +0800
Subject: [PATCH] fix(web): json_encode for REQUEST_URI enter in
 /reset-password

Ref: https://huntr.dev/bounties/75bd6901-5760-412d-96fc-b664e4644fea/
---
 web/app/controllers/reset_pw.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/app/controllers/reset_pw.php b/web/app/controllers/reset_pw.php
index 4bf64decd..848aff1a8 100644
--- a/web/app/controllers/reset_pw.php
+++ b/web/app/controllers/reset_pw.php
@@ -63,7 +63,7 @@ function validateResetPwPost() {
 		if (!validateResetPwPost()) {
 			return false;
 		}
-		$.post('<?=$_SERVER['REQUEST_URI']?>', {
+		$.post(json_encode(<?=$_SERVER['REQUEST_URI']?>), {
 			reset : '',
 			newPW : md5($('#input-password').val(), "<?= getPasswordClientSalt() ?>")
 		}, function(res) {