Fix forgot/reset password process of sending escaped HTML emails

classes/controller.php

@@ -559,7 +559,7 @@ class AdminController
      */
     public function taskReset()
     {
-        $data = $this->post;
+        $data = $this->data;
 
         if (isset($data['password'])) {
             $username = isset($data['username']) ? $data['username'] : null;
@@ -607,6 +607,8 @@ class AdminController
                 $this->setRedirect('/forgot');
 
                 return true;
+            } else {
+                $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.RESET_NEW_PASSWORD'), 'info');
             }
 
             $this->admin->forgot = ['username' => $user, 'token' => $token];

languages/en.yaml

@@ -11,6 +11,7 @@ PLUGIN_ADMIN:
   LOGIN_LOGGED_IN: "You have been successfully logged in"
   LOGIN_FAILED: "Login failed"
   LOGGED_OUT: "You have been logged out"
+  RESET_NEW_PASSWORD: "Please enter a new password …"
   RESET_LINK_EXPIRED: "Reset link has expired, please try again"
   RESET_PASSWORD_RESET: "Password has been reset"
   RESET_INVALID_LINK: "Invalid reset link used, please try again"

themes/grav/templates/email/base.html.twig

@@ -159,7 +159,7 @@
                 <table>
                     <tr>
                         <td>
-                            {{ content }}
+                            {{ content|raw }}
                         </td>
                     </tr>
                 </table>
@@ -179,7 +179,7 @@
                 <table>
                     <tr>
                         <td align="center">
-                            {{ 'PLUGIN_ADMIN.EMAIL_FOOTER'|tu }}
+                            {{ 'PLUGIN_ADMIN.EMAIL_FOOTER'|tu|raw }}
                         </td>
                     </tr>
                 </table>

themes/grav/templates/email/reset.html.twig

@@ -1,12 +0,0 @@
-{% extends 'email/base.html.twig' %}
-
-{% block content %}
-    <p>Dear {{ name }},</p>
-
-    <p>To reset your password, follow <a href="{{ reset_link }}">this link</a> or copy the following URL into your browser's address bar: {{ reset_link }}.</p>
-
-    <p>
-        Kind regards<br />
-        {{ author }}
-    </p>
-{% endblock %}