From 9700dfd057fe8267b4359d5497b56f0c2c8aa6bb Mon Sep 17 00:00:00 2001 From: "justdave%syndicomm.com" <> Date: Thu, 16 Aug 2001 13:52:55 +0000 Subject: Fix for bug 95535: the token generator for password resets is allowing the & character to be used for tokens, but wasn't escaping them for the URL it emailed to users to use to get in to reset their password. Patch by Dave Miller r= myk@mozilla.org --- Bugzilla/Token.pm | 1 + Token.pm | 1 + 2 files changed, 2 insertions(+) diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index cde97f87e..2d5dad2a3 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -100,6 +100,7 @@ sub MailPasswordToken { my $urlbase = &::Param("urlbase"); my $emailsuffix = &::Param('emailsuffix'); + $token = &::url_quote($token); open SENDMAIL, "|/usr/lib/sendmail -t"; diff --git a/Token.pm b/Token.pm index cde97f87e..2d5dad2a3 100644 --- a/Token.pm +++ b/Token.pm @@ -100,6 +100,7 @@ sub MailPasswordToken { my $urlbase = &::Param("urlbase"); my $emailsuffix = &::Param('emailsuffix'); + $token = &::url_quote($token); open SENDMAIL, "|/usr/lib/sendmail -t"; -- cgit v1.2.3-24-g4f1b