felogin: password forgotten form is not displayed after clicking link in email - double encoded forgothash
i use the felogin extension for the first time in a TYPO3 v9 installation. When testing the "password forgotten" function I found a bug:
After clicking on link in "password forgotten" e-mail, the login form will be displayed instead of the password change form.
It seems to be that the link with the forgothash is double encoded. The following changes in the core sysext felogin has solved the problem for me:
Line 466-467, old code:
rawurlencode($this->prefixId . '[user]') => $user['uid'], rawurlencode($this->prefixId . '[forgothash]') => $randHash
$this->prefixId . '[user]' => $user['uid'], $this->prefixId . '[forgothash]' => $randHash
Without rawurlencode() the link works as desired. I would be happy if you would check and correct this.