Description
Gitea Version
1.15
Git Version
No response
Operating System
No response
How are you running Gitea?
I'm using the hosted Gitea service Codeberg
Database
No response
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Description
I tried to add a new Email address to my account (under settings -> account). The Email address contains the "+" (plus) character. I recieved a verification email with a link looking like this:
https://codeberg.org/user/activate_email?code=>long-hex-number>&email=my+email@example.com
When i click on this Link, i just get forwarded to the account-page in the settings (no error message visible), where the second email address still has the "Requires activation"-status.
I think most of you already know where this is leading towards: (I have only surface-level-knowledge of http, so sorry if I use a wrong term) The email address gets submited as a string parameter to a GET-Request, which is probably just created by concatinating the code and the email string to the rest of the link. The "+"-characters are reserved characters in GET-Requests, to represent a space, they probably don't get escaped properly so it's not working. I haven't tried, but I assume this is also the case for all email addresses containing a Character which is allowed in the local-part(the part before the "@"-sign), but a reserved character in a URL (i.e."&")
When I manually substitute the "+" in the verification link for its URL escape character %2B i can add the email address to my account.
Screenshots
No response