| Anonymous | Login | Signup for a new account | 2020-05-26 20:19 BST |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0000607 | SiT! | other | public | 2009-03-25 19:30 | 2009-08-16 14:39 | ||||
| Reporter | smelvin | ||||||||
| Assigned To | ivan | ||||||||
| Priority | normal | Severity | tweak | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 3.45 | ||||||||
| Target Version | 3.50 | Fixed in Version | 3.50 | ||||||
| Summary | 0000607: Forgot Password script uses HTTP_REFERER for URI in emails | ||||||||
| Description | The forgotpwd.php file uses HTTP_REFERER for sending the reset password or forgot password URI. This is fine if your server is external and it uses FQDN, but it should use the $CONFIG['application_prefix'] variable to ensure consistancy throughout the system. Unfortunately the $CONFIG['application_prefix'] variable doesn't store the URI scheme ie. http or https. A workaround is to edit the forgotpwd.php file at lines 64 and 98 and replace {$url['scheme']}://{$url['host']} with http://{$CONFIG['application_prefix']} [^] | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files | |||||||||
 Relationships |
 Notes |
|
 (0000837)ivan (administrator) 2009-03-26 10:10 |
Thanks Scott. |
|
(0000877) ivan (administrator) 2009-03-30 21:36 |
The config variable that should be used is: $CONFIG['application_uriprefix'] |
 (0001102)kieran (administrator) 2009-05-26 12:16 |
Following on from the forum thread about this, does $CONFIG['application_uriprefix'] contain the port too? If not, can it? |
|
(0001103) kieran (administrator) 2009-05-26 12:23 |
After a bit of quick testing, $_SERVER['HTTP_HOST'] returns the port used so we can use that in building the url string. |
|
(0001158) ivan (administrator) 2009-05-30 20:30 |
Fixed in trunk svn r5425 |
|
(0001652) ivan (administrator) 2009-08-16 14:39 |
Released in 3.50rc1 |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-03-25 19:30 | smelvin | New Issue | |
| 2009-03-26 10:10 | ivan | Note Added: 0000837 | |
| 2009-03-26 10:10 | ivan | Status | new => confirmed |
| 2009-03-26 10:10 | ivan | Target Version | => 3.50 |
| 2009-03-30 21:36 | ivan | Note Added: 0000877 | |
| 2009-05-03 11:52 | paulh | Relationship added | related to 0000682 |
| 2009-05-26 12:16 | kieran | Note Added: 0001102 | |
| 2009-05-26 12:23 | kieran | Note Added: 0001103 | |
| 2009-05-30 20:04 | ivan | Status | confirmed => assigned |
| 2009-05-30 20:04 | ivan | Assigned To | => ivan |
| 2009-05-30 20:30 | ivan | Note Added: 0001158 | |
| 2009-05-30 20:30 | ivan | Status | assigned => resolved |
| 2009-05-30 20:30 | ivan | Resolution | open => fixed |
| 2009-05-30 20:30 | ivan | Fixed in Version | => Current SVN |
| 2009-08-16 13:16 | ivan | Fixed in Version | Current SVN => 3.50 |
| 2009-08-16 14:39 | ivan | Note Added: 0001652 | |
| 2009-08-16 14:39 | ivan | Status | resolved => closed |
|
Issue History |
| Copyright © 2000 - 2020 MantisBT Team |
|