Ensure email validation link parameters are URL-encoded (#6063)

The validation links sent via email had their query parameters inserted without any URL-encoding. Surprisingly this didn't seem to cause any issues, but if a user were to put a `/` in their client_secret it could lead to problems.
2024-07-12 16:31:52 +00:00 · 2019-09-20 10:46:59 +01:00 · 2019-09-20 10:46:59 +01:00 · aeb40f355c
commit aeb40f355c
parent 3ac614eb6c
2 changed files with 7 additions and 4 deletions
--- a/changelog.d/6063.bugfix
+++ b/changelog.d/6063.bugfix
@ -0,0 +1 @@
+Ensure query parameters in email validation links are URL-encoded.
--- a/synapse/push/mailer.py
+++ b/synapse/push/mailer.py
@ -136,10 +136,11 @@ class Mailer(object):
                group together multiple email sending attempts
            sid (str): The generated session ID
        """
+        params = {"token": token, "client_secret": client_secret, "sid": sid}
        link = (
            self.hs.config.public_baseurl
-            + "_matrix/client/unstable/password_reset/email/submit_token"
-            "?token=%s&client_secret=%s&sid=%s" % (token, client_secret, sid)
+            + "_matrix/client/unstable/password_reset/email/submit_token?%s"
+            % urllib.parse.urlencode(params)
        )

        template_vars = {"link": link}
@ -163,10 +164,11 @@ class Mailer(object):
                group together multiple email sending attempts
            sid (str): The generated session ID
        """
+        params = {"token": token, "client_secret": client_secret, "sid": sid}
        link = (
            self.hs.config.public_baseurl
-            + "_matrix/client/unstable/registration/email/submit_token"
-            "?token=%s&client_secret=%s&sid=%s" % (token, client_secret, sid)
+            + "_matrix/client/unstable/registration/email/submit_token?%s"
+            % urllib.parse.urlencode(params)
        )

        template_vars = {"link": link}
				`@ -0,0 +1 @@`
				`Ensure query parameters in email validation links are URL-encoded.`