search

glondu / belenios

Verifiable online voting system. This is a mirror of https://gitlab.inria.fr/belenios/belenios
https://www.belenios.org
GNU Affero General Public License v3.0
133 stars 21 forks source link

Wrong link sent to the trustees #37

Closed Prajeeths18 closed 2 years ago

Prajeeths18 commented 3 years ago

I was creating and conducting elections in Belenios for finding out loopholes in it. So, I followed the usual procedure. I first created the admin user, then some voters, questions, and sent the credentials and passwords to them. But, when it comes to the trustees, where we have to send the link for them to generate the decryption key, it seems that the link is sent in a wrong way.

The link found in the email is: https://belenios.loria.fr/draft/threshold-trustee?token=SwCan9Xj2yEB4W&uuid=Qnzd5shpFWSYhD which on opening shows "Wrong Parameters".

The actual link(which I found out as an admin) is: https://belenios.loria.fr/draft/threshold-trustee?token=SwCan9Xj2yEB4W&uuid=Qnzd5shpFWSYhD

So, as you can see, there is an "amp;" that is somehow added while sending through the mail, which causes the link to be broken.

glondu commented 3 years ago

I am aware of this bug when the mailto handler is Zimbra, but could not reproduce the bug with other mailers (I tried Thunderbird and Roundcube). I concluded it was a bug in Zimbra. What is your mailto handler?

Prajeeths18 commented 3 years ago

My mailto handler is Zimbra.

glondu commented 2 years ago

This has been fixed and released in 1.19.