Steps to reproduce
- Create New User
- Email is sent to new user to access own cloud
3.Mail is received and html code is interpreted correctly by email client - User goes to the link and provides new password
- An email is sent to the user regarding “Password change successfully”
- The whole body of the message is presented in plain text (all html statements are shown)
IF THE USER REQUESTS A PASSWORD RESET FOR A SECOND TIME, THE MAIL IS SENT CORRECTLY
Expected behaviour
Tell us what should happen
The Password change message should be displayed correctly (html interpreted, not displayed)
Actual behaviour
Tell us what happens instead
Message is presented as plain text
Server configuration
Operating system:
Centos 7
Web server:
Apache 2.4
Database:
MariaDB (Mysql)
PHP version:
7.2
ownCloud version: (see ownCloud admin page)
10.2
Updated from an older ownCloud or fresh install:
Fresh Install
Where did you install ownCloud from:
Community Site
Signing status (ownCloud 9.0 and above):
Login as admin user into your ownCloud and access
http://example.com/index.php/settings/integrity/failed
paste the results into https://gist.github.com/ and puth the link here.
The content of config/config.php:
Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.
JSON File: [https://docustore.tratoregio.com/index.php/s/JwXlP8GV7oADBic](http://REPORT.json)
or
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder
*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to dilligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.
List of activated apps:
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.
Are you using external storage, if yes which one: local/smb/sftp/…
NO
Are you using encryption: yes/no
YES
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…
NO
LDAP configuration (delete this part if not used)
N/A
With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder
Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';
Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.
Client configuration
Browser:
Safari
Operating system:
Mojave
Logs
Web server error log
Insert your webserver log here
NO ACTIVITY DURING THE TEST
ownCloud log (data/owncloud.log)
THERE IS NO ACTIVITY DURING THE PROCESS
Insert your ownCloud log here
#### Browser log
Insert your browser log here, this could for example include:
a) The javascript console log
b) The network log
c) …
