summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjustdave%syndicomm.com <>2001-08-16 15:52:55 +0200
committerjustdave%syndicomm.com <>2001-08-16 15:52:55 +0200
commit9700dfd057fe8267b4359d5497b56f0c2c8aa6bb (patch)
tree2c240394bb5aa2901a693a660c754f7a351cce96
parent0bfa7b2752e0f78477fa6ea64b0f6e8eddb4d87c (diff)
downloadbugzilla-9700dfd057fe8267b4359d5497b56f0c2c8aa6bb.tar.gz
bugzilla-9700dfd057fe8267b4359d5497b56f0c2c8aa6bb.tar.xz
Fix for bug 95535: the token generator for password resets is allowing the & character to be used for tokens, but wasn't escaping them for the URL it emailed to users to use to get in to reset their password.
Patch by Dave Miller <justdave@syndicomm.com> r= myk@mozilla.org
-rw-r--r--Bugzilla/Token.pm1
-rw-r--r--Token.pm1
2 files changed, 2 insertions, 0 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index cde97f87e..2d5dad2a3 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -100,6 +100,7 @@ sub MailPasswordToken {
my $urlbase = &::Param("urlbase");
my $emailsuffix = &::Param('emailsuffix');
+ $token = &::url_quote($token);
open SENDMAIL, "|/usr/lib/sendmail -t";
diff --git a/Token.pm b/Token.pm
index cde97f87e..2d5dad2a3 100644
--- a/Token.pm
+++ b/Token.pm
@@ -100,6 +100,7 @@ sub MailPasswordToken {
my $urlbase = &::Param("urlbase");
my $emailsuffix = &::Param('emailsuffix');
+ $token = &::url_quote($token);
open SENDMAIL, "|/usr/lib/sendmail -t";