diff options
| author | justdave%syndicomm.com <> | 2001-08-16 13:52:55 +0000 |
|---|---|---|
| committer | justdave%syndicomm.com <> | 2001-08-16 13:52:55 +0000 |
| commit | 9700dfd057fe8267b4359d5497b56f0c2c8aa6bb (patch) | |
| tree | 2c240394bb5aa2901a693a660c754f7a351cce96 | |
| parent | 0bfa7b2752e0f78477fa6ea64b0f6e8eddb4d87c (diff) | |
| download | bugs-9700dfd057fe8267b4359d5497b56f0c2c8aa6bb.tar bugs-9700dfd057fe8267b4359d5497b56f0c2c8aa6bb.tar.gz bugs-9700dfd057fe8267b4359d5497b56f0c2c8aa6bb.tar.bz2 bugs-9700dfd057fe8267b4359d5497b56f0c2c8aa6bb.tar.xz bugs-9700dfd057fe8267b4359d5497b56f0c2c8aa6bb.zip | |
Fix for bug 95535: the token generator for password resets is allowing the & character to be used for tokens, but wasn't escaping them for the URL it emailed to users to use to get in to reset their password.
Patch by Dave Miller <justdave@syndicomm.com>
r= myk@mozilla.org
| -rw-r--r-- | Bugzilla/Token.pm | 1 | ||||
| -rw-r--r-- | Token.pm | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index cde97f87e..2d5dad2a3 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -100,6 +100,7 @@ sub MailPasswordToken { my $urlbase = &::Param("urlbase"); my $emailsuffix = &::Param('emailsuffix'); + $token = &::url_quote($token); open SENDMAIL, "|/usr/lib/sendmail -t"; @@ -100,6 +100,7 @@ sub MailPasswordToken { my $urlbase = &::Param("urlbase"); my $emailsuffix = &::Param('emailsuffix'); + $token = &::url_quote($token); open SENDMAIL, "|/usr/lib/sendmail -t"; |