Password token mails with a token ending in a symbol don't get completely linked in some MUAs

RESOLVED FIXED in Bugzilla 2.18

Status

()

task
RESOLVED FIXED
17 years ago
7 years ago

People

(Reporter: justdave, Assigned: gerv)

Tracking

2.17.3
Bugzilla 2.18
Bug Flags:
approval +

Details

Attachments

(1 attachment)

Exhibit A:

------------------------------------

Subject: Bugzilla Change Password Request
Date: Mon, 10 Feb 2003 21:39:44 -0800 (PST)
From: bugzilla-admin-daemon@netscape.com
To: xxxxxxxx@netscape.com

You (or someone impersonating you) has requested to change your Bugzilla
password.  To change your password, visit the following link:

http://bugscape.nscp.aoltw.net/token.cgi?a=cfmpw&t=e947Pak_

If you are not the person who made this request, or you wish to cancel
this request, visit the following link:

http://bugscape.nscp.aoltw.net/token.cgi?a=cxlpw&t=e947Pak_

If you do nothing, the request will lapse after 3 days
(21:39 on the 13th of February, 2003) or when you log in successfully.

------------------------------------

Neither Eudora nor AOL's mail reader hyperlinked the underscore on the end of
that URL, so clicking the URL in the email resulted in an "invalid or expired
token" response.

Three possible solutions....
1) enclose the link in < >
2) reorder the params so the a= is after the t= so the _ is in the middle of the
URL instead of the end
3) don't let tokens contain symbols as the last character in the token.
I'd go for option 2).

Gerv
If #2 works with those mail readers, then I agree with Gerv.
I hit the same bug a few weeks ago (2004 january) at http://bugs.kde.org/ and 
reported there. They said it was unmodified bugzilla code to be reported here 
instead. So here am I. 
 
The URL I received was  
http://bugs.kde.org/token.cgi?a=cfmpw&t=HD%2AI3x3_ 
 
At first I thought the problem was the percent-prefixed '%2A' . Actually kmail 
ignores the trailing '_' as not being part of the URL, which is why I add a 
comment here instead of creating new bug. Perhaps the %2A *is* also a problem. 
 
Second attempt at changing password yiedled 
http://bugs.kde.org/token.cgi?a=cxlpw&t=txH64Kvq 
which worked.  
 
I cannot reproduce the bug. 
 
I agree with solution #2 from previous comments, but previous comments are a 
year old. Wasn't the solution implemented ? The bug is still marked as new. 
 
Cannot check for bugzilla version number used at http://bugs.kde.org/ . 
 
Thanks for all. 
Posted patch Patch v.1Splinter Review
It just fell through the cracks, that's all.

Here's a patch.

Gerv
Assignee: myk → gerv
Status: NEW → ASSIGNED
Comment on attachment 140981 [details] [diff] [review]
Patch v.1

Oops, forgot to get a review on this simple patch. Myk?

Gerv
Attachment #140981 - Flags: review?(myk)
Comment on attachment 140981 [details] [diff] [review]
Patch v.1

Yup, looks good. r=myk
Attachment #140981 - Flags: review?(myk) → review+
Flags: approval?
Flags: approval? → approval+
Fixed.

Checking in template/en/default/account/email/change-new.txt.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/account/email/change-new.txt.tmpl,v
 <--  change-new.txt.tmpl
new revision: 1.6; previous revision: 1.5
done
Checking in template/en/default/account/email/change-old.txt.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/account/email/change-old.txt.tmpl,v
 <--  change-old.txt.tmpl
new revision: 1.7; previous revision: 1.6
done
Checking in template/en/default/account/password/forgotten-password.txt.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/account/password/forgotten-password.txt.tmpl,v
 <--  forgotten-password.txt.tmpl
new revision: 1.5; previous revision: 1.4
done

Gerv
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Target Milestone: --- → Bugzilla 2.18
*** Bug 240004 has been marked as a duplicate of this bug. ***
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.