Closed
Bug 95536
Opened 24 years ago
Closed 24 years ago
Password reset issues tokens w/ "&" in them, URL not escaped
Categories
(Bugzilla :: Bugzilla-General, defect)
Bugzilla
Bugzilla-General
Tracking
()
People
(Reporter: justdave, Assigned: justdave)
Details
I requested a password reset on one of the landfill installs and got this:
(you'll have to ignore the fact that someone forgot to set the baseurl in
editparams)
Notice that the token on the end of the URL contains a & in the token, and it
didn't get escaped in the URL.
Date: Wed, 15 Aug 2001 18:26:16 -0700
From: bugzilla-daemon@landfill.tequilarista.org
To: dave@intrec.com
Subject: Bugzilla Change Password Request
You or someone impersonating you has requested to change your Bugzilla
password. To change your password, visit the following link:
http://cvs-mirror.mozilla.org/webtools/bugzilla/token.cgi?a=cfmpw&t=V&l*Cv0w
If you are not the person who made this request, or you wish to cancel
this request, visit the following link:
http://cvs-mirror.mozilla.org/webtools/bugzilla/token.cgi?a=cxlpw&t=V&l*Cv0w
|
Assignee | |
Updated•24 years ago
|
Target Milestone: --- → Bugzilla 2.14
|
|
Assignee | |
Comment 1•24 years ago
|
||
grrrr (double-submitted)
*** This bug has been marked as a duplicate of 95535 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Target Milestone: Bugzilla 2.14 → ---
|
|
Assignee | |
Comment 3•24 years ago
|
||
moving all closed Bugzilla bugs to the new Bugzilla product.
This batch is DUPLICATE/INVALID/WORKSFORME/WONTFIX
reassigning to default owner and QA in case of the bug being reopened.
Clearing milestones, since we really shouldn't have them on these types of
resolutions. Sorry for the spam everyone...
Status: VERIFIED → NEW
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: Bugzilla 2.13 → unspecified
|
||
Updated•13 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•