You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To reproduce, you need to be logged into a forum account, and use the contact.php form to send a message. Then check the received email and see the user profile URL in the email.
Let me know if you need further details,
Ani
The text was updated successfully, but these errors were encountered:
Hello,
On MyBB 1.8.37 (and ever since I remember), the profile URL in the contact form is escaped in a way where it breaks the URL.
For instance:
Expected: https://forums.rpcs3.net/member.php?action=profile&uid=1
Actual: https://forums.rpcs3.net/member.php?action=profile&uid=1
The
&
is escaped to&
, breaking the URL.Culprit code is:
mybb/inc/functions.php
Line 6405 in 9a701b2
mybb/contact.php
Line 219 in 9a701b2
To reproduce, you need to be logged into a forum account, and use the contact.php form to send a message. Then check the received email and see the user profile URL in the email.
Let me know if you need further details,
Ani
The text was updated successfully, but these errors were encountered: