nul800sebastiaan
commented
9 months ago Yeah, that part of the backoffice hasn't gotten much love for many years! 😅 I've put it up for grabs, seems like it shouldn't be too hard to fix.
Open jmf-umbraco opened 9 months ago
nul800sebastiaan
commented
9 months ago Yeah, that part of the backoffice hasn't gotten much love for many years! 😅 I've put it up for grabs, seems like it shouldn't be too hard to fix.
nagolucky18
commented
8 months ago I can look at this one.
Which Umbraco version are you using? (Please write the exact version, example: 10.1.0)
13.1.0
Bug summary
When restricting public access to a specific member, bad data is persisted if the member's login contains a '+' character. It is not uncommon for mail providers to support aliasing multiple addresses to one mailbox using this character.
Specifics
When making the request to the backoffice public access controller, it looks like member logins are sent in a query string parameter, which is not URL encoded.
On hitting the save button, a
POSTis sent tohttps://localhost:44303/umbraco/backoffice/umbracoapi/publicaccess/PostPublicAccess?contentId=1075&loginPageId=1075&errorPageId=1075&usernames[]=jmf+directaccess@umbraco.dk. Note the '+' character in the email.But to the controller receiving it, this login is interpreted as
jmf directaccess@umbraco.dk.I have not yet tested whether affected members are able to browse to the selected content nodes via SSR or the delivery API, but my best guess is that they cannot.
Steps to reproduce
Expected result / actual result
Actual Result
RuleValuefield in any triggeredPublicAccessEntrySavedNotification's rules contains a space character instead of a '+'Expected Result