The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
verification links not url-encoded
#1
I added a test user and used the + type of email address (xyz+abc@gmail.com) which allows my xyz@gmail.com address suddenly be multiplied into as many test emails as I want. However, the resulting verification link in the verification email looks like this:

http://localhost/imok/users/verify.php?e...ode=235269

The plus sign is in there, unencoded and I get an error when I click on it - unsuccessful verification.

When I manually copy/paste the link and edit the + sign to {3bc1fe685386cc4c3ab89a3f76566d8931e181ad17f08aed9ad73b30bf28114d}2b (practically speaking url-encoding it) then it works fine:

http://localhost/imok/users/verify.php?e...ode=235269

Something dimly rings a bell in the back of my mind that + is a non-standard google extension to valid email address characters, so an argument could be made that this isn't really a bug. I'm guessing with enough persistence and creativity I could come up with another use-case using standard email address characters that do need to be url-encoded. However, for now I'll be willing to agree that this is pretty close to the edge in terms of edge conditions.
  Reply


Messages In This Thread
verification links not url-encoded - by plb - 08-25-2016, 06:38 PM
verification links not url-encoded - by mudmin - 09-08-2016, 12:13 AM
verification links not url-encoded - by brian - 09-08-2016, 12:13 AM
verification links not url-encoded - by plb - 09-08-2016, 05:01 AM

Forum Jump:


Users browsing this thread: 4 Guest(s)