summary refs log tree commit diff
path: root/changelog.d/6063.bugfix
diff options
context:
space:
mode:
authorAndrew Morgan <1342360+anoadragon453@users.noreply.github.com>2019-09-20 10:46:59 +0100
committerGitHub <noreply@github.com>2019-09-20 10:46:59 +0100
commitaeb40f355c8590855eeca05b49bfff2b91faa85b (patch)
treec2b0fa901f47dd6daa8bddb76601a4af4600d5e4 /changelog.d/6063.bugfix
parentDrop support for bind param on POST /account/3pid (MSC2290) (#6067) (diff)
downloadsynapse-aeb40f355c8590855eeca05b49bfff2b91faa85b.tar.xz
Ensure email validation link parameters are URL-encoded (#6063)
The validation links sent via email had their query parameters inserted without any URL-encoding. Surprisingly this didn't seem to cause any issues, but if a user were to put a `/` in their client_secret it could lead to problems.
Diffstat (limited to 'changelog.d/6063.bugfix')
-rw-r--r--changelog.d/6063.bugfix1
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/6063.bugfix b/changelog.d/6063.bugfix
new file mode 100644
index 0000000000..7485e32a2c
--- /dev/null
+++ b/changelog.d/6063.bugfix
@@ -0,0 +1 @@
+Ensure query parameters in email validation links are URL-encoded.
\ No newline at end of file