diff options
author | David Lu <david.lu@hotmail.com> | 2016-05-03 13:06:43 -0400 |
---|---|---|
committer | Harrison Healey <harrisonmhealey@gmail.com> | 2016-05-03 13:06:43 -0400 |
commit | e4b744362b33b78e9b3031498bdddf64052bf70f (patch) | |
tree | 0f4b86f075ccbb9758edbbaf9b2a84c87bf7a5e8 /api | |
parent | a9cf5172da766b07e5b869e3cdc5cb94e1f0c08f (diff) | |
download | chat-e4b744362b33b78e9b3031498bdddf64052bf70f.tar.gz chat-e4b744362b33b78e9b3031498bdddf64052bf70f.tar.bz2 chat-e4b744362b33b78e9b3031498bdddf64052bf70f.zip |
Added query escaping to emails (#2867)
Diffstat (limited to 'api')
-rw-r--r-- | api/user.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/api/user.go b/api/user.go index abd34fcab..d8e2e6623 100644 --- a/api/user.go +++ b/api/user.go @@ -357,7 +357,7 @@ func sendWelcomeEmailAndForget(c *Context, userId string, email string, siteURL bodyPage.Props["TeamURL"] = siteURL if !verified { - link := fmt.Sprintf("%s/do_verify_email?uid=%s&hid=%s&email=%s", siteURL, userId, model.HashPassword(userId), email) + link := fmt.Sprintf("%s/do_verify_email?uid=%s&hid=%s&email=%s", siteURL, userId, model.HashPassword(userId), url.QueryEscape(email)) bodyPage.Props["VerifyUrl"] = link } @@ -409,7 +409,7 @@ func addDirectChannelsAndForget(teamId string, user *model.User) { func SendVerifyEmailAndForget(c *Context, userId, userEmail, siteURL string) { go func() { - link := fmt.Sprintf("%s/do_verify_email?uid=%s&hid=%s&email=%s", siteURL, userId, model.HashPassword(userId), userEmail) + link := fmt.Sprintf("%s/do_verify_email?uid=%s&hid=%s&email=%s", siteURL, userId, model.HashPassword(userId), url.QueryEscape(userEmail)) subjectPage := utils.NewHTMLTemplate("verify_subject", c.Locale) subjectPage.Props["Subject"] = c.T("api.templates.verify_subject", @@ -1814,7 +1814,7 @@ func sendEmailChangeEmailAndForget(c *Context, oldEmail, newEmail, siteURL strin func SendEmailChangeVerifyEmailAndForget(c *Context, userId, newUserEmail, siteURL string) { go func() { - link := fmt.Sprintf("%s/do_verify_email?uid=%s&hid=%s&email=%s", siteURL, userId, model.HashPassword(userId), newUserEmail) + link := fmt.Sprintf("%s/do_verify_email?uid=%s&hid=%s&email=%s", siteURL, userId, model.HashPassword(userId), url.QueryEscape(newUserEmail)) subjectPage := utils.NewHTMLTemplate("email_change_verify_subject", c.Locale) subjectPage.Props["Subject"] = c.T("api.templates.email_change_verify_subject", |