From: justdave%syndicomm.com <>
Date: Thu, 16 Aug 2001 13:52:55 +0000 (+0000)
Subject: Fix for bug 95535: the token generator for password resets is allowing the & characte... 
X-Git-Tag: bugzilla-2.14~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9700dfd057fe8267b4359d5497b56f0c2c8aa6bb;p=thirdparty%2Fbugzilla.git

Fix for bug 95535: the token generator for password resets is allowing the & character to be used for tokens, but wasn't escaping them for the URL it emailed to users to use to get in to reset their password.
Patch by Dave Miller <justdave@syndicomm.com>
r= myk@mozilla.org
---

diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index cde97f87e9..2d5dad2a33 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -100,6 +100,7 @@ sub MailPasswordToken {
 
     my $urlbase = &::Param("urlbase");
     my $emailsuffix = &::Param('emailsuffix');
+    $token = &::url_quote($token);
 
     open SENDMAIL, "|/usr/lib/sendmail -t";
 
diff --git a/Token.pm b/Token.pm
index cde97f87e9..2d5dad2a33 100644
--- a/Token.pm
+++ b/Token.pm
@@ -100,6 +100,7 @@ sub MailPasswordToken {
 
     my $urlbase = &::Param("urlbase");
     my $emailsuffix = &::Param('emailsuffix');
+    $token = &::url_quote($token);
 
     open SENDMAIL, "|/usr/lib/sendmail -t";