Fix for bug 95535: the token generator for password resets is allowing the &…

Fix for bug 95535: the token generator for password resets is allowing the & character to be used for tokens, but wasn't escaping them for the URL it emailed to users to use to get in to reset their password. Patch by Dave Miller <justdave@syndicomm.com> r= myk@mozilla.org

Fix for bug 95535: the token generator for password resets is allowing the &…
9700dfd0 · justdave%syndicomm.com · 0bfa7b27 · 9700dfd0 · 9700dfd0
Commit 9700dfd0 authored Aug 16, 2001 by justdave%syndicomm.com
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

Token.pm Bugzilla/Token.pm +1 -0

Token.pm Token.pm +1 -0

No files found.
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -100,6 +100,7 @@ sub MailPasswordToken {

    my $urlbase = &::Param("urlbase");
    my $emailsuffix = &::Param('emailsuffix');
+    $token = &::url_quote($token);

    open SENDMAIL, "|/usr/lib/sendmail -t";


--- a/Token.pm
+++ b/Token.pm
@@ -100,6 +100,7 @@ sub MailPasswordToken {

    my $urlbase = &::Param("urlbase");
    my $emailsuffix = &::Param('emailsuffix');
+    $token = &::url_quote($token);

    open SENDMAIL, "|/usr/lib/sendmail -t";