Bug #42080
closed
Felogin sends password forgotten link that is being cut off by e-mail clients like Hotmail
0%
Description
Because the password forgotten link contains a dash (|) the link is broken in e-mail clients like Hotmail.
This can be fixed by encoding the dash character.
I.e.:
Edit the file: sysext/felogin/pi1/class.tx_felogin_pi1.php
Replace:
$msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password', '', 0), $user['username'], $link, $validEndString);
With:
// BVB Media hack: password forgotten link is being cut off in e-mail clients like Hotmail. We simply replace the dash with an encoded dash to bypass the broken link problem.
$link=str_replace('|',rawurlencode('|'),$link);
$msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password', '', 0), $user['username'], $link, $validEndString);
Updated by Markus Klein over 11 years ago
Hi!
How do you get the pipe symbol into your links at all?
Updated by Bas van Beek over 11 years ago
Thanks Markus for your quick follow-up.
We get that dash by default. And I think we are not the only one. The problem is also being reported in 2011:
http://lists.typo3.org/pipermail/typo3-english/2011-March/073932.html
Looks like Katja had the same issue. The post says that the link is cut off in the middle. That is exactly what we measure, because of the dash.
Below you can see the link that is being sent (without our hack):
Beste bvbmedia@live.nl, U ontvangt deze e-mail als antwoord op uw verzoek om uw wachtwoord aan te passen. Klik op de link hieronder: https://www.parfumoutlet.nl/login/?tx_felogin_pi1%5Buser%5D=85195&tx_felogin_pi1%5Bforgothash%5D=1350523842|d746de76223c4132a46181293d48cc64 Om veiligheidsredenen is deze link geldig tot 2012-10-18 03:30. Wanneer u voor die tijd nog niet op de link geklikt heeft, moet u de procedure voor het aanvragen van een nieuw wachtwoord nogmaals volgen.
Does this help you further?
Updated by Jigal van Hemert over 11 years ago
- Status changed from New to Needs Feedback
- Assignee set to Jigal van Hemert
Can't reproduce this in latest 4.7 release:
Dear jigal, This email was sent in response to your request to reset your password. Please click on the link below. http://localhost47/index.php?id=13&tx_felogin_pi1%5Buser%5D=1&tx_felogin_pi1%5Bforgothash%5D=1350621970%7Caad0325379d11c530a90b8a39fa77360 For security reasons, this link is only active until 2012-10-19 06:46. If you do not visit the link before then, you will need to repeat the password reset steps.
Is it possible that some extension has taken over the password reminder function? Looking at the core code it is very unlikely that the pipe character isn't encoded:
tx_felogin_pi1::generateAndSendHash() generates the link with
tslib_pibase::pi_getPageLink(), which calls
tslib_cObj::getTypoLink_URL(), which calls
tslib_cObj::getTypoLink(), which builds the query string using
t3lib_div::implodeArrayForUrl() which uses rawurlencode() for each value.
Updated by Markus Klein over 11 years ago
Looks like a timestamp made its way into your hash: 1350523842
That's not a Core feature.
Updated by Jigal van Hemert over 11 years ago
@Marcus: yes, that is the timestamp until the link is valid. That is indeed added in the core to the hash in the link.
Updated by Bas van Beek over 11 years ago
This morning we updated TYPO3 from 4.7.4 to 4.7.5, but still have the same issue with the dash.
The list of installed local plugins are:
bvbmedia_default_site
cookie_control
cooluri
facebook_socialplugins
find_and_replace
googleplusone
gridelements
imagecycle
jftcaforms
multishop
multishop_beslist
multishop_google_shopping
multishop_ideal_abnamro
multishop_one_step_checkout
multishop_paypal
multishop_products_review
multishop_tell_a_friend
multishop_ultrasearch
oxylab_stdwrap
parfumoutlet
phpmyadmin
powermail
rzcolorbox
sourceopt
sr_language_menu
static_info_tables
static_info_tables_taxes
t3jquery
t3quixplorer
tq_seo
tscobj
tt_address
I will create a test site, uninstall all of these plugins and see wether it will resolve this problem.
Updated by Jigal van Hemert over 11 years ago
Is the problem still reproducible after the test? Is the link shown correctly in other mail clients (Thunderbird for example)?
Updated by Oliver Salzburg over 11 years ago
Jigal van Hemert wrote:
Is the problem still reproducible after the test? Is the link shown correctly in other mail clients (Thunderbird for example)?
This is from 4.7.7, in Thunderbird, taken a minute ago:
Updated by Jigal van Hemert over 11 years ago
In your screenshot the pipe character ('|') is correctly urlencoded as %7C . You now show the problem with the square brackets, which is issue #23984 and seems to be a bug of some mail clients (such as Thunderbird).
Can we close this issue about the pipe character and use #23984 for the issue with the square brackets?
Updated by Jigal van Hemert about 11 years ago
- Status changed from Needs Feedback to Closed
No feedback received in over 90 days. Closed.