Page MenuHomePhabricator
Create Task
Maniphest T270734

Link to preferences in password reset emails do not include URL protocol
Closed, ResolvedPublicBUG REPORT
Actions

Description

See rMW includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php (Line 487)

$url omits the URL protocol (http or https) because it uses getFullURL(); resulting in //lang.wikiproject.org/etc-type URLs.

I guess it needs to be changed to getCanonicalURL() instead.

Details

ProjectBranchLines +/-Subject
mediawiki/coremaster+1 -1Fix display of Special:Preferences url in password reset email
mediawiki/coreREL1_35+1 -1Fix display of Special:Preferences url in password reset email
Customize query in gerrit

Related Objects

Event Timeline

MarcoAurelio created this task.Dec 22 2020, 7:44 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 22 2020, 7:44 PM
MarcoAurelio changed the subtype of this task from "Task" to "Bug Report".Dec 22 2020, 7:45 PM
taavi edited projects, added MediaWiki-User-login-and-signup; removed MediaWiki-General.Dec 22 2020, 8:28 PM
taavi added a subscriber: taavi.
Reedy added a project: MW-1.35-release.Dec 23 2020, 3:24 AM
Reedy added subscribers: MaxSem, Reedy.

This confused me, so tested it

However, if you did not generate this request and want to prevent unsolicited
emails, you may want to update your email options at
<//en.wikipedia.org/wiki/Special:Preferences#mw-prefsection-personal-email>.
You can require both username and email address to generate password reset
emails. This may reduce the number of such incidents.

The link at the start is fine

Someone (probably you, from IP address <REDACTED>) requested a reset of your
password for Wikipedia (<https://en.wikipedia.org/wiki/Main_Page>). The following user account is
associated with this email address:

Caused by T233969: Update Temporary Password Email with Preference Info [x-small], rMWd1604f7445c1: Mention requiring email address in password reset emails by @MaxSem

gerritbot added a comment.Dec 23 2020, 3:28 AM

Change 651678 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/core@master] Fix display of Special:Preferences url in password reset email

https://gerrit.wikimedia.org/r/651678

gerritbot added a project: Patch-For-Review.Dec 23 2020, 3:28 AM

Change 651603 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/core@REL1_35] Fix display of Special:Preferences url in password reset email

https://gerrit.wikimedia.org/r/651603

Reedy added a comment.Dec 23 2020, 3:29 AM

And for confirmation

reedy@deploy1001:~$ mwscript eval.php enwiki
> var_dump( SpecialPage::getTitleFor( 'Preferences', false, 'mw-prefsection-personal-email' )->getFullURL(), SpecialPage::getTitleFor( 'Preferences', false, 'mw-prefsection-personal-email' )->getCanonicalURL() );
string(73) "//en.wikipedia.org/wiki/Special:Preferences#mw-prefsection-personal-email"
string(79) "https://en.wikipedia.org/wiki/Special:Preferences#mw-prefsection-personal-email"
gerritbot added a comment.Dec 23 2020, 3:52 AM

Change 651678 merged by jenkins-bot:
[mediawiki/core@master] Fix display of Special:Preferences url in password reset email

https://gerrit.wikimedia.org/r/651678

Reedy closed this task as Resolved.Dec 23 2020, 3:53 AM
Reedy claimed this task.
Reedy triaged this task as Low priority.
ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.25; 2021-01-05).Dec 23 2020, 4:00 AM
gerritbot added a comment.Dec 23 2020, 4:05 AM

Change 651603 merged by jenkins-bot:
[mediawiki/core@REL1_35] Fix display of Special:Preferences url in password reset email

https://gerrit.wikimedia.org/r/651603

Maintenance_bot removed a project: Patch-For-Review.Dec 23 2020, 4:10 AM
ReleaseTaggerBot added a project: MW-1.35-notes.Dec 23 2020, 5:00 AM
MarcoAurelio added a comment.Dec 23 2020, 10:08 PM

Thank you.

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL