Link to preferences in password reset emails do not include URL protocol
Closed, ResolvedPublicBUG REPORT
Actions

Description

See rMW includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php (Line 487)

$url omits the URL protocol (http or https) because it uses getFullURL(); resulting in //lang.wikiproject.org/etc-type URLs.

I guess it needs to be changed to getCanonicalURL() instead.

Details

	Project	Branch	Lines +/-	Subject
	mediawiki/core	master	+1 -1	Fix display of Special:Preferences url in password reset email
	mediawiki/core	REL1_35	+1 -1	Fix display of Special:Preferences url in password reset email

Customize query in gerrit

Related Objects

Mentioned Here: T233969: Update Temporary Password Email with Preference Info [x-small]
rMWd1604f7445c1: Mention requiring email address in password reset emails

Event Timeline

MarcoAurelio created this task.Dec 22 2020, 7:44 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 22 2020, 7:44 PM

MarcoAurelio changed the subtype of this task from "Task" to "Bug Report".Dec 22 2020, 7:45 PM

Majavah edited projects, added MediaWiki-User-login-and-signup; removed MediaWiki-General.Dec 22 2020, 8:28 PM

Majavah added a subscriber: Majavah.

This confused me, so tested it

However, if you did not generate this request and want to prevent unsolicited
emails, you may want to update your email options at
<//en.wikipedia.org/wiki/Special:Preferences#mw-prefsection-personal-email>.
You can require both username and email address to generate password reset
emails. This may reduce the number of such incidents.

The link at the start is fine

Someone (probably you, from IP address <REDACTED>) requested a reset of your
password for Wikipedia (<https://en.wikipedia.org/wiki/Main_Page>). The following user account is
associated with this email address:

Caused by T233969: Update Temporary Password Email with Preference Info [x-small], rMWd1604f7445c1: Mention requiring email address in password reset emails by @MaxSem

Change 651678 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/core@master] Fix display of Special:Preferences url in password reset email

https://gerrit.wikimedia.org/r/651678

Change 651603 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/core@REL1_35] Fix display of Special:Preferences url in password reset email

https://gerrit.wikimedia.org/r/651603

And for confirmation

reedy@deploy1001:~$ mwscript eval.php enwiki
> var_dump( SpecialPage::getTitleFor( 'Preferences', false, 'mw-prefsection-personal-email' )->getFullURL(), SpecialPage::getTitleFor( 'Preferences', false, 'mw-prefsection-personal-email' )->getCanonicalURL() );
string(73) "//en.wikipedia.org/wiki/Special:Preferences#mw-prefsection-personal-email"
string(79) "https://en.wikipedia.org/wiki/Special:Preferences#mw-prefsection-personal-email"

Change 651678 merged by jenkins-bot:
[mediawiki/core@master] Fix display of Special:Preferences url in password reset email

https://gerrit.wikimedia.org/r/651678

Reedy closed this task as Resolved.Dec 23 2020, 3:53 AM

Reedy claimed this task.

Reedy triaged this task as Low priority.

ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.25; 2021-01-05).Dec 23 2020, 4:00 AM

Change 651603 merged by jenkins-bot:
[mediawiki/core@REL1_35] Fix display of Special:Preferences url in password reset email

https://gerrit.wikimedia.org/r/651603

Maintenance_bot removed a project: Patch-For-Review.Dec 23 2020, 4:10 AM

ReleaseTaggerBot added a project: MW-1.35-notes.Dec 23 2020, 5:00 AM

Thank you.

Link to preferences in password reset emails do not include URL protocolClosed, ResolvedPublicBUG REPORTActions

Description

Details

Related Objects

Event Timeline

Link to preferences in password reset emails do not include URL protocol
Closed, ResolvedPublicBUG REPORT
Actions