From 75f9b19db2f93db64ec819e429cb7f4c13e2e9cf Mon Sep 17 00:00:00 2001 From: Johannes Zellner Date: Wed, 4 Jul 2018 11:09:29 +0200 Subject: [PATCH] Ensure we uri encode the email query arguments for invite, reset and setup links --- src/mailer.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/mailer.js b/src/mailer.js index 22463c4af..59e2a9cd7 100644 --- a/src/mailer.js +++ b/src/mailer.js @@ -202,7 +202,7 @@ function sendInvite(user, invitor) { var templateData = { user: user, webadminUrl: config.adminOrigin(), - setupLink: `${config.adminOrigin()}/api/v1/session/account/setup.html?reset_token=${user.resetToken}&email=${user.email}`, + setupLink: `${config.adminOrigin()}/api/v1/session/account/setup.html?reset_token=${user.resetToken}&email=${encodeURIComponent(user.email)}`, invitor: invitor, cloudronName: mailConfig.cloudronName, cloudronAvatarUrl: config.adminOrigin() + '/api/v1/cloudron/avatar' @@ -239,7 +239,7 @@ function userAdded(user, inviteSent) { var templateData = { user: user, - inviteLink: inviteSent ? null : `${config.adminOrigin()}/api/v1/session/account/setup.html?reset_token=${user.resetToken}&email=${user.email}`, + inviteLink: inviteSent ? null : `${config.adminOrigin()}/api/v1/session/account/setup.html?reset_token=${user.resetToken}&email=${encodeURIComponent(user.email)}`, cloudronName: mailConfig.cloudronName, cloudronAvatarUrl: config.adminOrigin() + '/api/v1/cloudron/avatar' }; @@ -289,7 +289,7 @@ function passwordReset(user) { var templateData = { user: user, - resetLink: `${config.adminOrigin()}/api/v1/session/password/reset.html?reset_token=${user.resetToken}&email=${user.email}`, + resetLink: `${config.adminOrigin()}/api/v1/session/password/reset.html?reset_token=${user.resetToken}&email=${encodeURIComponent(user.email)}`, cloudronName: mailConfig.cloudronName, cloudronAvatarUrl: config.adminOrigin() + '/api/v1/cloudron/avatar' };