Bug #87664

fe_login password reset link is double encoded

Added by Nico de Haen 7 months ago. Updated 7 months ago.

Status: Closed
Priority: Must have
Assignee: -
Category: felogin
Start date: 2019-02-06
Due date:
% Done: 0%
TYPO3 Version: 9
PHP Version: 7.2
Tags:
Complexity: easy
Is Regression:
Sprint Focus:

Description

The link to reset the password in the mail sent to the user has double encoded keys:

The brackets are encoded as %255B and %255D instead of %5B and %5D.

The 2 places where the link is encoded are:

1. \TYPO3\CMS\Felogin\Controller\FrontendLoginController::generateAndSendHash Line 465

$link = $this->pi_getPageLink($this->frontendController->id, '', [
    rawurlencode($this->prefixId . '[user]') => $user['uid'],
    rawurlencode($this->prefixId . '[forgothash]') => $randHash
]);

2. \TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::getTypoLink Line 5573

if (is_array($urlParameters)) {
    if (!empty($urlParameters)) {
        $conf['additionalParams'] .= HttpUtility::buildQueryString($urlParameters, '&');
    }
} else {
    $conf['additionalParams'] .= $urlParameters;
}

This results in a link like:
https://www.domain.com/passwort-reset?tx_felogin_pi1%255Bforgothash%255D=1549484728%7Cd6227774d0afb681a4545755636cc779&tx_felogin_pi1%255Buser%255D=12345&cHash=dc1119c6ac03edaa552a1bb3b5100ed6
instead of
https://www.domain.com/passwort-reset?tx_felogin_pi1%5Bforgothash%5D=1549484755%7Cc4bae072f8d1befd832a75bcb2553905&tx_felogin_pi1%5Buser%5D=12345&cHash=605d05836ede389d767bc518a8c2cfea

I think the rawurlencode of the keys in the FrontendController is superfluous.
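
Added example (not part of the original report and not TYPO3 core code): the double encoding described above, reproduced in plain PHP, together with how PHP parses each resulting query string on the receiving side. It assumes PHP's `http_build_query()` with `PHP_QUERY_RFC3986` as a stand-in for `HttpUtility::buildQueryString()`; the helper names and the uid and hash values are constructed for illustration.

```php
<?php
// Added illustration, not TYPO3 core code. http_build_query() with
// PHP_QUERY_RFC3986 stands in for HttpUtility::buildQueryString() (assumption).

$prefixId = 'tx_felogin_pi1';
$uid      = 12345;                                         // constructed sample value
$hash     = '1549484728|0123456789abcdef0123456789abcdef'; // constructed sample value

/** Hypothetical helper: build a query string, encoding keys and values once. */
function buildQuery(array $params): string
{
    return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

/** Hypothetical helper: decode a query string the way PHP fills $_GET. */
function parseQuery(string $query): array
{
    parse_str($query, $result);
    return $result;
}

// Keys pre-encoded by the caller, as in generateAndSendHash() quoted above.
// The query builder then encodes the '%' of %5B / %5D a second time.
$double = buildQuery([
    rawurlencode($prefixId . '[user]')       => $uid,
    rawurlencode($prefixId . '[forgothash]') => $hash,
]);

// Nested array with raw keys: the query builder encodes each bracket once.
$single = buildQuery([
    $prefixId => ['user' => $uid, 'forgothash' => $hash],
]);

echo $double, PHP_EOL;
echo $single, PHP_EOL;

// Receiving side: one decoding pass leaves the double-encoded keys as flat
// strings that still contain %5B / %5D, so no $prefixId array is built.
$fromDouble = parseQuery($double);
$fromSingle = parseQuery($single);

print_r(array_keys($fromDouble));
var_dump(isset($fromDouble[$prefixId]['user']));
var_dump(isset($fromSingle[$prefixId]['user']));
```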


Related issues

Related to TYPO3 Core - Bug #87349: FELogin - password recovery / forgot link (New, 2019-01-07)
Related to TYPO3 Core - Bug #87153: Reset password in the `felogin` not working (Closed, 2018-12-13)

History

#1 Updated by Nico de Haen 7 months ago

  • Related to Bug #87349: FELogin - password recovery / forgot link added

#2 Updated by Georg Ringer 7 months ago

  • Status changed from New to Needs Feedback

This has been fixed with #87153; take a look at https://review.typo3.org/#/c/59155/

Is this still relevant for you?

#3 Updated by Georg Ringer 7 months ago

  • Related to Bug #87153: Reset password in the `felogin` not working added

#4 Updated by Nico de Haen 7 months ago

No, I didn't see the fix, due to the generic subject in the resolved issue (I was looking for password reset link).

So please close this.

#5 Updated by Georg Ringer 7 months ago

  • Status changed from Needs Feedback to Closed
