Fix for bug 95535: the token generator for password resets is allowing the & character to be used for tokens, but wasn't escaping them for the URL it emailed to users to use to get in to reset their password.

Patch by Dave Miller <justdave@syndicomm.com> r= myk@mozilla.org
author: justdave%syndicomm.com <> 2001-08-16 15:52:55 +0200
committer: justdave%syndicomm.com <> 2001-08-16 15:52:55 +0200
commit: 9700dfd057fe8267b4359d5497b56f0c2c8aa6bb (patch)
tree: 2c240394bb5aa2901a693a660c754f7a351cce96 /Bugzilla
parent: 0bfa7b2752e0f78477fa6ea64b0f6e8eddb4d87c (diff)
download: bugzilla-9700dfd057fe8267b4359d5497b56f0c2c8aa6bb.tar.gz
bugzilla-9700dfd057fe8267b4359d5497b56f0c2c8aa6bb.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index cde97f87e..2d5dad2a3 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -100,6 +100,7 @@ sub MailPasswordToken {
 
     my $urlbase = &::Param("urlbase");
     my $emailsuffix = &::Param('emailsuffix');
+    $token = &::url_quote($token);
 
     open SENDMAIL, "|/usr/lib/sendmail -t";
author	justdave%syndicomm.com <>	2001-08-16 15:52:55 +0200
committer	justdave%syndicomm.com <>	2001-08-16 15:52:55 +0200
commit	9700dfd057fe8267b4359d5497b56f0c2c8aa6bb (patch)
tree	2c240394bb5aa2901a693a660c754f7a351cce96 /Bugzilla
parent	0bfa7b2752e0f78477fa6ea64b0f6e8eddb4d87c (diff)
download	bugzilla-9700dfd057fe8267b4359d5497b56f0c2c8aa6bb.tar.gz bugzilla-9700dfd057fe8267b4359d5497b56f0c2c8aa6bb.tar.xz