Exhibit A: ------------------------------------ Subject: Bugzilla Change Password Request Date: Mon, 10 Feb 2003 21:39:44 -0800 (PST) From: email@example.com To: firstname.lastname@example.org You (or someone impersonating you) has requested to change your Bugzilla password. To change your password, visit the following link: http://bugscape.nscp.aoltw.net/token.cgi?a=cfmpw&t=e947Pak_ If you are not the person who made this request, or you wish to cancel this request, visit the following link: http://bugscape.nscp.aoltw.net/token.cgi?a=cxlpw&t=e947Pak_ If you do nothing, the request will lapse after 3 days (21:39 on the 13th of February, 2003) or when you log in successfully. ------------------------------------ Neither Eudora nor AOL's mail reader hyperlinked the underscore on the end of that URL, so clicking the URL in the email resulted in an "invalid or expired token" response. Three possible solutions.... 1) enclose the link in < > 2) reorder the params so the a= is after the t= so the _ is in the middle of the URL instead of the end 3) don't let tokens contain symbols as the last character in the token.
I'd go for option 2). Gerv
If #2 works with those mail readers, then I agree with Gerv.
I hit the same bug a few weeks ago (2004 january) at http://bugs.kde.org/ and reported there. They said it was unmodified bugzilla code to be reported here instead. So here am I. The URL I received was http://bugs.kde.org/token.cgi?a=cfmpw&t=HD%2AI3x3_ At first I thought the problem was the percent-prefixed '%2A' . Actually kmail ignores the trailing '_' as not being part of the URL, which is why I add a comment here instead of creating new bug. Perhaps the %2A *is* also a problem. Second attempt at changing password yiedled http://bugs.kde.org/token.cgi?a=cxlpw&t=txH64Kvq which worked. I cannot reproduce the bug. I agree with solution #2 from previous comments, but previous comments are a year old. Wasn't the solution implemented ? The bug is still marked as new. Cannot check for bugzilla version number used at http://bugs.kde.org/ . Thanks for all.
It just fell through the cracks, that's all. Here's a patch. Gerv
Assignee: myk → gerv
Status: NEW → ASSIGNED
Comment on attachment 140981 [details] [diff] [review] Patch v.1 Oops, forgot to get a review on this simple patch. Myk? Gerv
Attachment #140981 - Flags: review?(myk)
Comment on attachment 140981 [details] [diff] [review] Patch v.1 Yup, looks good. r=myk
Attachment #140981 - Flags: review?(myk) → review+
Flags: approval? → approval+
Fixed. Checking in template/en/default/account/email/change-new.txt.tmpl; /cvsroot/mozilla/webtools/bugzilla/template/en/default/account/email/change-new.txt.tmpl,v <-- change-new.txt.tmpl new revision: 1.6; previous revision: 1.5 done Checking in template/en/default/account/email/change-old.txt.tmpl; /cvsroot/mozilla/webtools/bugzilla/template/en/default/account/email/change-old.txt.tmpl,v <-- change-old.txt.tmpl new revision: 1.7; previous revision: 1.6 done Checking in template/en/default/account/password/forgotten-password.txt.tmpl; /cvsroot/mozilla/webtools/bugzilla/template/en/default/account/password/forgotten-password.txt.tmpl,v <-- forgotten-password.txt.tmpl new revision: 1.5; previous revision: 1.4 done Gerv
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Target Milestone: --- → Bugzilla 2.18
*** Bug 240004 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.