Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generated user passwords are translated incorrectly in the sent email. #21986

Closed
strike65 opened this issue May 7, 2021 · 4 comments · Fixed by #21994
Closed

Generated user passwords are translated incorrectly in the sent email. #21986

strike65 opened this issue May 7, 2021 · 4 comments · Fixed by #21994
Assignees
@gabrieleiro

Comments

@strike65
Copy link

strike65 commented May 7, 2021
edited
Loading

Description:

When an admin generates a "random" password for a user, it may contain the "&" or any other "special html entity".
This is then rewritten as HTML entity by the parser that composes the email to the user: &

For example, the generated password would be: secureword&123
Then in the mail to the user appears: secureword&123

When the user then enters the password, it will of course not match.

This is a heavy bug I think.

Steps to reproduce:

  1. Goto Administration -> Users
  2. Select an user
  3. Edit the user
  4. Enable "Set random password and send by email"
  5. Save

Expected behavior:

The password is sent without rewrite.

Actual behavior:

The password may contain html special entities.

Server Setup Information:

  • Version of Rocket.Chat Server: 3.13.1
  • Operating System: Linux
  • Deployment Method: unknown
  • Number of Running Instances: 1
  • DB Replicaset Oplog: enabled
  • NodeJS Version: 12.18.4
  • MongoDB Version: 4.0.23 / mmapv1

Client Setup Information

  • Browser or any desktop app
  • Operating System: any
@bhavayAnand9
Copy link
Contributor

I'd like to work on this issue :)

@strike65
Copy link
Author

strike65 commented May 8, 2021

That would be nice!

@johncrisp
Copy link

Hi and thanks for reporting.
Can you please test this on the latest version as this may already be fixed.
Thanks.

@bhavayAnand9
Copy link
Contributor

bhavayAnand9 commented May 8, 2021
edited
Loading

Hi @johncrisp
I tested this on Rocket.Chat Version: 3.15.0-develop, I was able to replicate this.
Thanks

@bhavayAnand9 bhavayAnand9 mentioned this issue May 8, 2021
Merged
@gabrieleiro gabrieleiro self-assigned this May 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gabrieleiro gabrieleiro

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[FIX] Emails being sent with HTML entities getting escaped multiple times bhavayAnand9/Rocket.Chat
4 participants
@strike65 @bhavayAnand9 @gabrieleiro @johncrisp