SiT! Bugs

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000607SiT!otherpublic2009-03-25 19:302009-08-16 14:39
Reportersmelvin 
Assigned Toivan 
PrioritynormalSeveritytweakReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version3.45 
Target Version3.50Fixed in Version3.50 
Summary0000607: Forgot Password script uses HTTP_REFERER for URI in emails
DescriptionThe forgotpwd.php file uses HTTP_REFERER for sending the reset password or forgot password URI. This is fine if your server is external and it uses FQDN, but it should use the $CONFIG['application_prefix'] variable to ensure consistancy throughout the system. Unfortunately the $CONFIG['application_prefix'] variable doesn't store the URI scheme ie. http or https.

A workaround is to edit the forgotpwd.php file at lines 64 and 98 and replace {$url['scheme']}://{$url['host']} with http://{$CONFIG['application_prefix']} [^]
TagsNo tags attached.
Attached Files

- Relationships
related to 0000682closedivan Bug: Wrong link in emails. When resetting password 

-  Notes
User avatar (0000837)
ivan (administrator)
2009-03-26 10:10

Thanks Scott.
User avatar (0000877)
ivan (administrator)
2009-03-30 21:36

The config variable that should be used is: $CONFIG['application_uriprefix']
User avatar (0001102)
kieran (administrator)
2009-05-26 12:16

Following on from the forum thread about this, does $CONFIG['application_uriprefix'] contain the port too? If not, can it?
User avatar (0001103)
kieran (administrator)
2009-05-26 12:23

After a bit of quick testing, $_SERVER['HTTP_HOST'] returns the port used so we can use that in building the url string.
User avatar (0001158)
ivan (administrator)
2009-05-30 20:30

Fixed in trunk svn r5425
User avatar (0001652)
ivan (administrator)
2009-08-16 14:39

Released in 3.50rc1

- Issue History
Date Modified Username Field Change
2009-03-25 19:30 smelvin New Issue
2009-03-26 10:10 ivan Note Added: 0000837
2009-03-26 10:10 ivan Status new => confirmed
2009-03-26 10:10 ivan Target Version => 3.50
2009-03-30 21:36 ivan Note Added: 0000877
2009-05-03 11:52 paulh Relationship added related to 0000682
2009-05-26 12:16 kieran Note Added: 0001102
2009-05-26 12:23 kieran Note Added: 0001103
2009-05-30 20:04 ivan Status confirmed => assigned
2009-05-30 20:04 ivan Assigned To => ivan
2009-05-30 20:30 ivan Note Added: 0001158
2009-05-30 20:30 ivan Status assigned => resolved
2009-05-30 20:30 ivan Resolution open => fixed
2009-05-30 20:30 ivan Fixed in Version => Current SVN
2009-08-16 13:16 ivan Fixed in Version Current SVN => 3.50
2009-08-16 14:39 ivan Note Added: 0001652
2009-08-16 14:39 ivan Status resolved => closed


Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker