Bug #87403

felogin: password forgotten form is not displayed after clicking link in email - double encoded forgothash

Added by Markus Eckert 6 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
felogin
Target version:
Start date:
2019-01-11
Due date:
% Done:

0%

TYPO3 Version:
9
PHP Version:
7.2
Tags:
felogin bug double rawurlencoded
Complexity:
easy
Is Regression:
Yes
Sprint Focus:

Description

Hello,
i use the felogin extension for the first time in a TYPO3 v9 installation. When testing the "password forgotten" function I found a bug:

After clicking on link in "password forgotten" e-mail, the login form will be displayed instead of the password change form.
It seems to be that the link with the forgothash is double encoded. The following changes in the core sysext felogin has solved the problem for me:

File path:

typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php

Line 466-467, old code:

rawurlencode($this->prefixId . '[user]') => $user['uid'],
rawurlencode($this->prefixId . '[forgothash]') => $randHash

Corrected code:

$this->prefixId . '[user]' => $user['uid'],
$this->prefixId . '[forgothash]' => $randHash

Without rawurlencode() the link works as desired. I would be happy if you would check and correct this.


Related issues

Related to TYPO3 Core - Task #83334: GeneralUtility::implodeArrayForUrl should always encode param-names Closed 2017-12-14
Duplicates TYPO3 Core - Bug #87153: Reset password in the `felogin` not working Closed 2018-12-13

History

#1 Updated by Georg Ringer 6 months ago

  • Status changed from New to Closed
  • Is Regression set to Yes

closing it as duplicate of #87153, regression of #83334

#2 Updated by Georg Ringer 6 months ago

  • Related to Task #83334: GeneralUtility::implodeArrayForUrl should always encode param-names added

#3 Updated by Georg Ringer 6 months ago

  • Duplicates Bug #87153: Reset password in the `felogin` not working added

Also available in: Atom PDF