SiT! Bugs - SiT!
View Issue Details
0000607SiT!otherpublic2009-03-25 19:302009-08-16 14:39
smelvin 
ivan 
normaltweakalways
closedfixed 
3.45 
3.503.50 
0000607: Forgot Password script uses HTTP_REFERER for URI in emails
The forgotpwd.php file uses HTTP_REFERER for sending the reset password or forgot password URI. This is fine if your server is external and it uses FQDN, but it should use the $CONFIG['application_prefix'] variable to ensure consistancy throughout the system. Unfortunately the $CONFIG['application_prefix'] variable doesn't store the URI scheme ie. http or https.

A workaround is to edit the forgotpwd.php file at lines 64 and 98 and replace {$url['scheme']}://{$url['host']} with http://{$CONFIG['application_prefix']} [^]
No tags attached.
related to 0000682closed ivan Bug: Wrong link in emails. When resetting password 
Issue History
2009-03-25 19:30smelvinNew Issue
2009-03-26 10:10ivanNote Added: 0000837
2009-03-26 10:10ivanStatusnew => confirmed
2009-03-26 10:10ivanTarget Version => 3.50
2009-03-30 21:36ivanNote Added: 0000877
2009-05-03 11:52paulhRelationship addedrelated to 0000682
2009-05-26 12:16kieranNote Added: 0001102
2009-05-26 12:23kieranNote Added: 0001103
2009-05-30 20:04ivanStatusconfirmed => assigned
2009-05-30 20:04ivanAssigned To => ivan
2009-05-30 20:30ivanNote Added: 0001158
2009-05-30 20:30ivanStatusassigned => resolved
2009-05-30 20:30ivanResolutionopen => fixed
2009-05-30 20:30ivanFixed in Version => Current SVN
2009-08-16 13:16ivanFixed in VersionCurrent SVN => 3.50
2009-08-16 14:39ivanNote Added: 0001652
2009-08-16 14:39ivanStatusresolved => closed

Notes
(0000837)
ivan   
2009-03-26 10:10   
Thanks Scott.
(0000877)
ivan   
2009-03-30 21:36   
The config variable that should be used is: $CONFIG['application_uriprefix']
(0001102)
kieran   
2009-05-26 12:16   
Following on from the forum thread about this, does $CONFIG['application_uriprefix'] contain the port too? If not, can it?
(0001103)
kieran   
2009-05-26 12:23   
After a bit of quick testing, $_SERVER['HTTP_HOST'] returns the port used so we can use that in building the url string.
(0001158)
ivan   
2009-05-30 20:30   
Fixed in trunk svn r5425
(0001652)
ivan   
2009-08-16 14:39   
Released in 3.50rc1