Users with a + in their email address are unable to reset their passwords

RESOLVED FIXED in Bugzilla 3.6

Status

()

--
major
RESOLVED FIXED
8 years ago
6 years ago

People

(Reporter: justdave, Assigned: glob)

Tracking

Bugzilla 3.6
Dependency tree / graph
Bug Flags:
approval +
approval4.0 +
approval3.6 +

Details

Attachments

(3 attachments, 1 obsolete attachment)

Created attachment 528826 [details]
screenshot of error message

Going by the attached error screenshot it looks like a + in an email address is getting unescaped somehow when it shouldn't be (and thus getting treated as a space).
Assignee: nobody → glob
i'm able to create new accounts with a + in the email address, and login as an existing account which contains a +.

do you have steps to reproduce?

Comment 2

8 years ago
WFM upstream. Maybe the guy typed his email address in the URL bar directly, in which case an unescaped + means a whitespace.
i've tested all points where we throw that error and it's working for me too.

nukeador, please reopen this bug if you are still having problems.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → WORKSFORME
I have my bugzilla session opened at home and I will be able to answer you guys till it expires, but I'm unable to log in using a clean session, same error. Tested from 2 computer and 2 different browsers.

I think the problem is that first I get an error about my password it's less than 8 characters long and then it points me to request a new password:

https://bugzilla.mozilla.org/token.cgi?a=reqpw&loginname=my+email@gmail.com

Where I get the error and I can't continue or log in.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
thanks rubén, that helps a lot :)
Summary: Users with a + in their email address are unable to access Bugzilla → Users with a + in their email address are unable to reset their passwords
Created attachment 528892 [details] [diff] [review]
patch for 4.0, v1

fixes quoting of text in error messages.
Attachment #528892 - Flags: review?(LpSolit)
Component: General → Bugzilla-General
Product: bugzilla.mozilla.org → Bugzilla
QA Contact: general → default-qa
Version: Current → 4.0

Updated

8 years ago
Severity: critical → major
Status: REOPENED → ASSIGNED
Component: Bugzilla-General → User Accounts
Target Milestone: --- → Bugzilla 4.0

Comment 7

8 years ago
Comment on attachment 528892 [details] [diff] [review]
patch for 4.0, v1

You need a separate patch for 4.1, as FILTER url_quote has been killed in favor of FILTER uri (see bug 398701). r=LpSolit for 4.0.2.
Attachment #528892 - Attachment description: patch v1 → patch for 4.0, v1
Attachment #528892 - Flags: review?(LpSolit) → review+
Created attachment 528909 [details] [diff] [review]
patch for 4.1, v1
Attachment #528909 - Flags: review?(LpSolit)
Comment on attachment 528909 [details] [diff] [review]
patch for 4.1, v1

oops
Attachment #528909 - Attachment is obsolete: true
Attachment #528909 - Flags: review?(LpSolit)
Created attachment 528910 [details] [diff] [review]
patch for 4.1, v2

<LpSolit> r+ with the first block removed
Attachment #528910 - Flags: review+

Updated

8 years ago
Flags: approval4.0+
Flags: approval+
The patch for 4.0 applies cleanly to 3.6.5, so let's take it on this branch too. I know the 3.6 branch is restricted to security bugs, but not being able to log in is a major issue, and we cannot leave users out of the game. Bugzilla 3.4 is not affected.
Flags: approval3.6+
Target Milestone: Bugzilla 4.0 → Bugzilla 3.6
(In reply to comment #11)

Agreed
Committing to: bzr+ssh://bjones%40mozilla.com@bzr.mozilla.org/bugzilla/3.6/
modified template/en/default/global/user-error.html.tmpl
Committed revision 7248.

Committing to: bzr+ssh://bjones%40mozilla.com@bzr.mozilla.org/bugzilla/4.0/
modified template/en/default/global/user-error.html.tmpl
Committed revision 7590.

Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/trunk/
modified template/en/default/global/user-error.html.tmpl
Committed revision 7805.
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago8 years ago
Resolution: --- → FIXED

Updated

6 years ago
Blocks: 798994
You need to log in before you can comment on or make changes to this bug.