[BUGFIX] Add urldecode for the forgotHash in FrontendLoginController 84/47084/4
authorZsolt Molnar <zsolt.molnar@arxia.com>
Wed, 3 Feb 2016 10:48:26 +0000 (12:48 +0200)
committerJan Helke <typo3@helke.de>
Sun, 6 Mar 2016 12:42:04 +0000 (13:42 +0100)
The GET parameter forgothash had to be urlencoded in order to provide
proper, clickable links in emails.
Exploding the hash at the pipe sign broke because it got encoded, thus
no pipe to explode by.

This fix applies a rawurldecode at the explode to avoid side effects.

Resolves: #73060
Releases: master, 7.6
Change-Id: Iffb0db26b591b26ed4c2bf78aa50c8bf1addec2b
Reviewed-on: https://review.typo3.org/47084
Reviewed-by: Eugen Lang <laeu1011+gerrit@gmail.com>
Tested-by: Eugen Lang <laeu1011+gerrit@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Jan Helke <typo3@helke.de>
Tested-by: Jan Helke <typo3@helke.de>
typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php

index df2977f..c26d936 100644 (file)
@@ -301,7 +301,7 @@ class FrontendLoginController extends \TYPO3\CMS\Frontend\Plugin\AbstractPlugin
         $markerArray['###BACKLINK_LOGIN###'] = '';
         $uid = $this->piVars['user'];
         $piHash = $this->piVars['forgothash'];
-        $hash = explode('|', $piHash);
+        $hash = explode('|', rawurldecode($piHash));
         if ((int)$uid === 0) {
             $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
                 'change_password_notvalid_message',