grav-plugin-admin icon indicating copy to clipboard operation
grav-plugin-admin copied to clipboard

Published 20 hours ago verified publisher icon getgrav

Unable to reset a password by a user with a space in their username

Open McLaynV opened this issue 7 months ago • 0 comments

Description

When a user has a space in their username, they are unable to reset a forgotten password.

It looks like some URL (un)escaping issue.

Version

  • Grav v1.7.46
  • Admin v1.10.46

Steps to reproduce

  • Go to https://HOSTNAME/admin/accounts/users/:add to add a new user and fill the form:
    • Username: test T
    • Email: (your email address)
    • Full name: Testor Testorson (or anything else)
  • Go to https://HOSTNAME/admin/forgot to reset a password
    • Username: test T
  • Check your email and go to the reset URL
    • For example: https://HOSTNAME/admin/reset/u/test T/fd16523e91eab7acc748ed01715b1d4c
    • Username is now pre-filled with test%20t (the username is URL-encoded with the space replaced with %20)
    • When you fill a new password and press the button, the RESET_INVALID_LINK error message is shown

McLaynV avatar Jul 06 '24 18:07 McLaynV