diff options
author | justdave%syndicomm.com <> | 2001-08-16 15:52:55 +0200 |
---|---|---|
committer | justdave%syndicomm.com <> | 2001-08-16 15:52:55 +0200 |
commit | 9700dfd057fe8267b4359d5497b56f0c2c8aa6bb (patch) | |
tree | 2c240394bb5aa2901a693a660c754f7a351cce96 | |
parent | 0bfa7b2752e0f78477fa6ea64b0f6e8eddb4d87c (diff) | |
download | bugzilla-9700dfd057fe8267b4359d5497b56f0c2c8aa6bb.tar.gz bugzilla-9700dfd057fe8267b4359d5497b56f0c2c8aa6bb.tar.xz |
Fix for bug 95535: the token generator for password resets is allowing the & character to be used for tokens, but wasn't escaping them for the URL it emailed to users to use to get in to reset their password.
Patch by Dave Miller <justdave@syndicomm.com>
r= myk@mozilla.org
-rw-r--r-- | Bugzilla/Token.pm | 1 | ||||
-rw-r--r-- | Token.pm | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index cde97f87e..2d5dad2a3 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -100,6 +100,7 @@ sub MailPasswordToken { my $urlbase = &::Param("urlbase"); my $emailsuffix = &::Param('emailsuffix'); + $token = &::url_quote($token); open SENDMAIL, "|/usr/lib/sendmail -t"; @@ -100,6 +100,7 @@ sub MailPasswordToken { my $urlbase = &::Param("urlbase"); my $emailsuffix = &::Param('emailsuffix'); + $token = &::url_quote($token); open SENDMAIL, "|/usr/lib/sendmail -t"; |