HINA :: 工程幼稚園 :: [TextCube] Bug reoprt, reset user password e-mail with incorrect hyper-link.

views: 2340 times

Mobile:http://blog.hinablue.me/m/553

BUG Report version: TextCube 1.5x, 1.6x, 1.7x
File: /interface/login/index.php
Find and Delete this Line (about line 26):

$blogURL = getBlogURL();

keep the /lib/auth.php, DO NOT MODIFY IT.

BUG Report version: TextCube 1.5x, 1.6x, 1.7x
~~File: /lib/auth.php~~
~~Find the Line 189:~~

$message = str_replace('[##_link_##]', "$hostURL$blogURL/login?loginid=" . rawurlencode($loginid) . '&password=' . rawurlencode($authtoken) . '&requestURI=' . rawurlencode("$hostURL$blogURL/owner/setting/account?password=" . rawurlencode($password)), $message);

REMOVE THIS: $hostURL
~~Fixed like this:~~

$message = str_replace('[##_link_##]', "$blogURL/login?loginid=" . rawurlencode($loginid) . '&password=' . rawurlencode($authtoken) . '&requestURI=' . rawurlencode("$blogURL/owner/setting/account?password=" . rawurlencode($password)), $message);

這支 bug 存在很久了，我追朔到 TC 1.5 好像就有了。之前有沒有我不知道，這是在討論區 winne 再問的時候我翻到的，起初我還以為他所謂的初始化密碼是使用者的那一塊，結果不是，反而是在登入登出的認證介面那邊！感謝 winne 讓我挖到這個臭蟲囉！

這個 bug 會讓使用者的重新設定密碼的信件連結錯誤，導致使用者無法正確的從 TC 所寄發的密碼信件正確的連結到部落格中。

我不放檔案，因為每個版本的東西可能不同，就勞請各位自己改一下吧！

創用 CC 授權

本創作適用姓名標示-非商業性-禁止改作 3.0 創用 CC 授權，台灣並依循所適用的授權條款。

Bookmarks: HEMiDEMi Technorati Del.icio.us Digg funP Yahoo! Furl

相關文章

[TextCube] Google Map Flash with custom Geocoder,Comments: 0 | Trackbacks: 0 | 2009/04/20 12:04
[TextCube] 從 TextCube 發送 Plurk,Comments: 14 | Trackbacks: 0 | 2009/04/17 20:04
[TextCube] GoogleMap Flash, more friendly, more quickly,Comments: 4 | Trackbacks: 0 | 2009/03/26 13:03
[TextCube] GoogleMap Flash for TextCube,Comments: 0 | Trackbacks: 0 | 2009/03/24 16:03
[TextCube] 懶人插件，在編輯器插入網路圖片,Comments: 0 | Trackbacks: 0 | 2009/03/18 13:03
[TextCube] TC 1.7.7 patch,Comments: 0 | Trackbacks: 0 | 2009/03/16 16:03
[TextCube] Photo Studio Skin with tiltviewer,Comments: 13 | Trackbacks: 1 | 2009/03/11 13:03
[TextCube] TC 1.7.7 Con moto 正式發佈,Comments: 0 | Trackbacks: 0 | 2009/03/06 12:03
[TextCube] Links BIG BUG within Export and Import data,Comments: 0 | Trackbacks: 0 | 2009/03/05 15:03
[TextCube] 五週年,Comments: 0 | Trackbacks: 0 | 2009/03/02 17:03

作者資訊

偏執與強迫症的患者，算不上是無可救藥，只是我已經遇上我的良醫了。

Comment RSS : http://blog.hinablue.me/rss/comment/553
inureyes 2008/05/25 14:22 Modify/Delete Reply Address

Without $hostURL, link will not contain full URL. $hostURL contains HTTP_HOST and port information. ^^

Thank you for bug reports :D
- hina 2008/05/25 14:36 Modify/Delete Address
  
  thanks for your comment.
  
  But I found this link always incorrect in email there:
  
  http://hina.ushiisland.nethttp://hina.ushiisland.net/blog/hinablue/login?loginid=hinablue@msn.com&password=*********************&requestURI=http://hina.ushiisland.nethttp://hina.ushiisland.net/blog/hinablue/owner/setting/account?password%3D*********************
  
  see? the domain name repeat in this link.
  $hostURL = http://hina.ushiisland.net
  $blogURL = http://hina.ushiisland.net/blog/hinablue
  
  So, if within $hostURL, this link will no work in the e-mail.
  
  BTW, I cannot comment in your guestbook :P
  
  If without $hostURL, the link will correct and work correct like this,
  
  http://hina.ushiisland.net/blog/hinablue/login?loginid=hinablue@msn.com&password=*********************&requestURI=http://hina.ushiisland.net/blog/hinablue/owner/setting/account?password%3D*********************
- inureyes 2008/05/25 14:57 Modify/Delete Address
  
  That's a strange situation. :-( hmm...
  
  Did you force the $service['path'] value at config.php? That situation can happen if $service['path'] is changed by setting. usually that value should look like :
  $service['path'] = '/trunk';
  $service['path'] = '/tc';
  which contains only path information, not full URL information.
  
  Please check it :D
- hina 2008/05/25 15:05 Modify/Delete Address
  
  My config.php about path setting is,
  
  $service['path'] = '/blog';
  
  SO, I think the service setting is not a problem about this :P
- inureyes 2008/05/25 15:41 Modify/Delete Address
  
  ok... Can you help me? please add these two lines at /lib/suri.php and tell the results^^
  
  after $folderURL = rtrim($blogURL . $suri['directive'], '/'); (maybe line 143?), add these two lines.
  var_dump($hostURL);
  var_dump($blogURL);
- hina 2008/05/25 16:00 Modify/Delete Address
  
  It's really strange.
  I add var_dump($hostURL); and var_dump($blogURL) in suri.php
  there show up with this,
  string(26) "http://hina.ushiisland.net" string(14) "/blog/hinablue"
  
  BUT, I add these two line in auth.php within function "resetPassword"
  about line after 183, there show up with this,
  string(26) "http://hina.ushiisland.net" string(40) "http://hina.ushiisland.net/blog/hinablue"
  
  the global variable $hostURL and $blogURL in suri.php is not the same in auth.php ??? WHY ???
  
  AND I used $hostURL and $blogURL in plugin which I made, there are correct and the same in suri.php
- inureyes 2008/05/25 16:20 Modify/Delete Address
  
  Due to your test, I found the problem.
  
  function getBlogURL() is added to support 2nd URL from Textcube 1.6.3. However the routine has some problem. (It does not consider 2nd URL setting, and returns wrong type $blogURL) To fix this, remove
  
  $blogURL = getBlogURL(); (line 26?)
  
  from /interface/login/index.php
  
  Thank you for your help^^
- hina 2008/05/25 16:42 Modify/Delete Address
  
  Thanks for your consider with this :D

[TextCube] Bug reoprt, reset user password e-mail with incorrect hyper-link.

Leave your greetings here.

HINA :: 工程幼稚園 - 최근 공지

該隱伯在噗浪

Google 網上論壇

Calendar

Recent Articles

HINA :: 工程幼稚園 - 최근 글

Recent comments

HINA :: 工程幼稚園 - 最新評論

Category

Tags

Bookmarks

« 2009/07 »
日	一	二	三	四	五	六
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31