Bug: Reset Passwd String in Oops Message is not URL Encoded
I've got a problem with the oopsresetpasswd template; sometimes, users call the
ResetPassword and generate an encrypted password that contains a '+'. The oopsresetpasswd template fails to display this correctly, and I've got to go to the apache log to find out what the generated passwd entry was.
I transposed the link used at my site for TWiki.org :
http://twiki.org/cgi-bin/oops/Main/TestAccount2?template=oopsresetpasswd¶m1=TestAccount2:{SHA}qZk%2BNkcGgWq6PiVxeFDCbJzQ2J0=. It fails to display correctly here too.
However, the
ResetPassword seems to encrypt passwords differently to my site, so I couldn't reproduce this with a real user account at TWiki.org.
my config:
- Apache 1.3.28
- Activate state perl 5.6.1
- TWiki 01Feb2003
- Windows 2000
--
JeanMarieClement - 10 Nov 2003
This sounds like a bug. The encoded strings needs to be URL encoded before passing it on to the oops dialog.
--
PeterThoeny - 10 Nov 2003
This is now fixed, in
TWikiAlphaRelease and at TWiki.org.
Test:
https://twiki.org/cgi-bin/view/Codev/UrlEncodeTesting?urlencode=aaaaa%2Bzzzzz
Fix in
lib/TWiki.pm
, indicated in
red color:
# =========================
# Encode URLs
sub handleUrlEncode
{
my( $theStr, $doExtract ) = @_;
$theStr = extractNameValuePair( $theStr ) if( $doExtract );
$theStr =~ s/[\n\r]/\%3Cbr\%20\%3E/g;
$theStr =~ s/\s+/\%20/g;
$theStr =~ s/\"/\%22/g;
$theStr =~ s/\&/\%26/g;
$theStr =~ s/\+/\%2B/g;
$theStr =~ s/\</\%3C/g;
$theStr =~ s/\>/\%3E/g;
# Encode characters with 8th bit set (ASCII-derived charsets only)
$theStr =~ s/([\x7f-\xff])/'%' . unpack( "H*", $1 ) /ge;
return $theStr;
}
--
PeterThoeny - 11 Nov 2003