Bug #87664

closed

fe_login password reset link is double encoded

Added by Nico de Haen almost 6 years ago. Updated almost 6 years ago.

Status: Closed
Priority: Must have
Assignee: -
Category: felogin
Start date: 2019-02-06
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 9
PHP Version: 7.2
Tags:
Complexity: easy
Is Regression:
Sprint Focus:

Description

The link to reset the password in the mail sent to the user has double encoded keys:

The brackets are encoded as %255B and %255D instead of %5B and %5D.

The 2 places where the link is encoded are:

1. \TYPO3\CMS\Felogin\Controller\FrontendLoginController::generateAndSendHash Line 465

$link = $this->pi_getPageLink($this->frontendController->id, '', [
    rawurlencode($this->prefixId . '[user]') => $user['uid'],
    rawurlencode($this->prefixId . '[forgothash]') => $randHash
]);

2. \TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::getTypoLink Line 5573

if (is_array($urlParameters)) {
    if (!empty($urlParameters)) {
        $conf['additionalParams'] .= HttpUtility::buildQueryString($urlParameters, '&');
    }
} else {
    $conf['additionalParams'] .= $urlParameters;
}

This results in a link like:
https://www.domain.com/passwort-reset?tx_felogin_pi1%255Bforgothash%255D=1549484728%7Cd6227774d0afb681a4545755636cc779&tx_felogin_pi1%255Buser%255D=12345&cHash=dc1119c6ac03edaa552a1bb3b5100ed6
instead of
https://www.domain.com/passwort-reset?tx_felogin_pi1%5Bforgothash%5D=1549484755%7Cc4bae072f8d1befd832a75bcb2553905&tx_felogin_pi1%5Buser%5D=12345&cHash=605d05836ede389d767bc518a8c2cfea

I think the rawurlencode of the keys in the FrontendController is superfluous.
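
The double encoding described in this report, reproduced as an added example that is not part of the original report or of TYPO3 core. It assumes PHP's http_build_query() as a stand-in for HttpUtility::buildQueryString(); the function names and the hash value are constructed for illustration. It builds the query both ways, flags doubly encoded parameter names, and shows what the receiving request decodes for the plugin namespace.

```php
<?php
declare(strict_types=1);

// Added illustration, not TYPO3 core code. http_build_query() stands in for
// HttpUtility::buildQueryString(); all values below are constructed samples.

function buildResetQuery(string $prefixId, int $uid, string $hash, bool $preEncodeKeys): string
{
    $params = [];
    foreach (['user' => $uid, 'forgothash' => $hash] as $name => $value) {
        $key = $prefixId . '[' . $name . ']';
        // Reported behaviour: the key is rawurlencode()d before the query builder sees it.
        $params[$preEncodeKeys ? rawurlencode($key) : $key] = $value;
    }
    // The query builder percent-encodes keys and values itself.
    return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Heuristic: true if a parameter name contains an encoded percent sign followed
// by two hex digits, i.e. the name was percent-encoded twice.
function hasDoubleEncodedKey(string $query): bool
{
    foreach (explode('&', $query) as $pair) {
        $key = explode('=', $pair, 2)[0];
        if (preg_match('/%25[0-9A-Fa-f]{2}/', $key) === 1) {
            return true;
        }
    }
    return false;
}

// What the receiving request sees for the plugin namespace after PHP decodes the query.
function pluginArguments(string $query, string $prefixId): array
{
    parse_str($query, $decoded);
    return is_array($decoded[$prefixId] ?? null) ? $decoded[$prefixId] : [];
}

$hash = '1549484728|0123456789abcdef0123456789abcdef'; // constructed sample value
foreach ([true, false] as $preEncodeKeys) {
    $query = buildResetQuery('tx_felogin_pi1', 12345, $hash, $preEncodeKeys);
    printf("%s\n  double-encoded key: %s\n  plugin arguments: %s\n",
        $query,
        hasDoubleEncodedKey($query) ? 'yes' : 'no',
        json_encode(pluginArguments($query, 'tx_felogin_pi1'))
    );
}
```

With pre-encoded keys the decoded request contains no tx_felogin_pi1 array at all, so the reset form never receives the user id or hash. A check like hasDoubleEncodedKey() can be run against generated mail links in a regression test.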


Related issues 2 (0 open, 2 closed)

Related to TYPO3 Core - Bug #87349: FELogin - password recovery / forgot link (Closed, 2019-01-07)
Related to TYPO3 Core - Bug #87153: Reset password in the `felogin` not working (Closed, 2018-12-13)