Skip to content

password reset emails with user+label@host are not correctly URL-encoded #15151

New issue
New issue
Closed
Bug
#15167
Closed
password reset emails with user+label@host are not correctly URL-encoded#15151
Bug
#15167
Assignees
DanielleMaywood
Labels
bug riskProne to bugs
@johnstcn

Description

@johnstcn
johnstcn
opened on Oct 21, 2024

Relates to #14232

After creating a test password reset for a user with email of the form user+label@host, I noticed that the password reset URL was of the form https://<coder-url>/reset-password/change?otp=<random>&email=user+label@host.

This leads to the form not working properly due to the + being interpreted as a space ( ).

We should ensure that any inputs to the password reset URL are URL-encoded.

Metadata

Metadata

Assignees

Labels

bug riskProne to bugs

Type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions