The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
verification links not url-encoded
#1
I added a test user and used the + type of email address (xyz+abc@gmail.com) which allows my xyz@gmail.com address suddenly be multiplied into as many test emails as I want. However, the resulting verification link in the verification email looks like this:

http://localhost/imok/users/verify.php?e...ode=235269

The plus sign is in there, unencoded and I get an error when I click on it - unsuccessful verification.

When I manually copy/paste the link and edit the + sign to {3bc1fe685386cc4c3ab89a3f76566d8931e181ad17f08aed9ad73b30bf28114d}2b (practically speaking url-encoding it) then it works fine:

http://localhost/imok/users/verify.php?e...ode=235269

Something dimly rings a bell in the back of my mind that + is a non-standard google extension to valid email address characters, so an argument could be made that this isn't really a bug. I'm guessing with enough persistence and creativity I could come up with another use-case using standard email address characters that do need to be url-encoded. However, for now I'll be willing to agree that this is pretty close to the edge in terms of edge conditions.
  Reply
#2
Thanks for this one too! We're adding it to 4.1.5!
  Reply
#3
Hi plb, that's a big oversight on our part and should be fixed. Thanks for pointing that one out.
  Reply
#4
I ran into this on password reset email as well. Don't know if it's too late to get in 4.1.5.
  Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)