From 761fbbbfa8fc8b6341d9c4499475e8812d9136d8 Mon Sep 17 00:00:00 2001
From: Maarten Wolzak <mwolzak@magnatron.nl>
Date: Thu, 12 Feb 2015 22:16:41 +0100
Subject: [PATCH] * Prevent double URL encoding of username and password in
 activation link

---
 core/components/login/controllers/web/ForgotPassword.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/components/login/controllers/web/ForgotPassword.php b/core/components/login/controllers/web/ForgotPassword.php
index 6ebcf793..95b716a3 100644
--- a/core/components/login/controllers/web/ForgotPassword.php
+++ b/core/components/login/controllers/web/ForgotPassword.php
@@ -209,8 +209,8 @@ public function sendPasswordResetEmail() {
         /* generate a password and encode it and the username into the url */
         $password = $this->login->generatePassword();
         $confirmParams = array(
-            'lp' => urlencode(base64_encode($password)),
-            'lu' => urlencode(base64_encode($fields['username']))
+            'lp' => base64_encode($password),
+            'lu' => base64_encode($fields['username'])
         );
         $confirmUrl = $this->modx->makeUrl($this->getProperty('resetResourceId',1),'',$confirmParams,'full');