non-issue Account validation broken

[g96968]

When creating a new account, forum.step-project.com is sending the following validation link:

https://forum.step-project.com/index.php?app=core&module=global§ion=register&do=05

 

where it should be:

https://forum.step-project.com/index.php?app=core&module=global&section=register&do=05

 

Similarly, the auto validation link is broken:

https://forum.step-project.com/index.php?app=core&module=global§ion=register&do=auto_validate&uid=xxxx&aid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 

but it should be:

https://forum.step-project.com/index.php?app=core&module=global&section=register&do=auto_validate&uid=xxxx&aid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 

Finally, the https interface is open with a bad certificate and an admin management access. Even if you don't care about secure access, you should at least close down that interface since it's a separate running instance. Alternatively if you're using it for admin operations you should assign a non-default port so it won't get accessed by mistake.

[hishutup]

Moved.

[stoppingby4now]

Links are being sent out correctly. That is most likely a client side, or service side if you are using an e-mail service, issue. In other words, something is specifically re-writing "global&section" to be "global§ion". It's not on our end.

[Greg]

This looks like an HTML decoding bug in the email service or the email client. Specifically, § is the HTML encoded version of the section sign (§) and the translation should occur only when the encoding begins with an ampersand and ends with a semicolon. In this case, the software is erroneously replacing &sect with section sign even though &sect is not a valid HTML encoding and should not be translated.

[stoppingby4now]

Thanks for the excellent information Greg.