192775 - Password token mails with a token ending in a symbol don't get completely linked in some MUAs

Status: RESOLVED FIXED

(Bugzilla :: Administration, task)

Description

[Dave Miller [:justdave]]

Exhibit A:

------------------------------------

Subject: Bugzilla Change Password Request
Date: Mon, 10 Feb 2003 21:39:44 -0800 (PST)
From: bugzilla-admin-daemon@netscape.com
To: xxxxxxxx@netscape.com

You (or someone impersonating you) has requested to change your Bugzilla
password.  To change your password, visit the following link:

http://bugscape.nscp.aoltw.net/token.cgi?a=cfmpw&t=e947Pak_

If you are not the person who made this request, or you wish to cancel
this request, visit the following link:

http://bugscape.nscp.aoltw.net/token.cgi?a=cxlpw&t=e947Pak_

If you do nothing, the request will lapse after 3 days
(21:39 on the 13th of February, 2003) or when you log in successfully.

------------------------------------

Neither Eudora nor AOL's mail reader hyperlinked the underscore on the end of
that URL, so clicking the URL in the email resulted in an "invalid or expired
token" response.

Three possible solutions....
1) enclose the link in < >
2) reorder the params so the a= is after the t= so the _ is in the middle of the
URL instead of the end
3) don't let tokens contain symbols as the last character in the token.

Comment 1

[Gervase Markham [:gerv]]

I'd go for option 2).

Gerv

Comment 2

[Myk Melez [:myk] [@mykmelez]]

If #2 works with those mail readers, then I agree with Gerv.

Comment 3

[Stéphane Gourichon]

I hit the same bug a few weeks ago (2004 january) at http://bugs.kde.org/ and 
reported there. They said it was unmodified bugzilla code to be reported here 
instead. So here am I. 
 
The URL I received was  
http://bugs.kde.org/token.cgi?a=cfmpw&t=HD%2AI3x3_ 
 
At first I thought the problem was the percent-prefixed '%2A' . Actually kmail 
ignores the trailing '_' as not being part of the URL, which is why I add a 
comment here instead of creating new bug. Perhaps the %2A *is* also a problem. 
 
Second attempt at changing password yiedled 
http://bugs.kde.org/token.cgi?a=cxlpw&t=txH64Kvq 
which worked.  
 
I cannot reproduce the bug. 
 
I agree with solution #2 from previous comments, but previous comments are a 
year old. Wasn't the solution implemented ? The bug is still marked as new. 
 
Cannot check for bugzilla version number used at http://bugs.kde.org/ . 
 
Thanks for all. 

Comment 4

[Gervase Markham [:gerv]]

Attachment: Patch v.1

It just fell through the cracks, that's all.

Here's a patch.

Gerv

Comment 5

[Gervase Markham [:gerv]]

Comment on attachment 140981 [details] [diff] [review]
Patch v.1

Oops, forgot to get a review on this simple patch. Myk?

Gerv

Comment 6

[Myk Melez [:myk] [@mykmelez]]

Comment on attachment 140981 [details] [diff] [review]
Patch v.1

Yup, looks good. r=myk

Comment 7

[Gervase Markham [:gerv]]

Fixed.

Checking in template/en/default/account/email/change-new.txt.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/account/email/change-new.txt.tmpl,v
 <--  change-new.txt.tmpl
new revision: 1.6; previous revision: 1.5
done
Checking in template/en/default/account/email/change-old.txt.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/account/email/change-old.txt.tmpl,v
 <--  change-old.txt.tmpl
new revision: 1.7; previous revision: 1.6
done
Checking in template/en/default/account/password/forgotten-password.txt.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/account/password/forgotten-password.txt.tmpl,v
 <--  forgotten-password.txt.tmpl
new revision: 1.5; previous revision: 1.4
done

Gerv

Comment 8

[Dave Miller [:justdave]]

*** Bug 240004 has been marked as a duplicate of this bug. ***