Guranteed somebody will paste the verification link and not the token, especially before all the translations are completed. But even then...

2018-01-27 15:20:43 -08:00
parent 69099a2732
commit 21f464a557
1 changed files with 1 additions and 1 deletions
--- a/Zotlabs/Module/Email_validation.php
+++ b/Zotlabs/Module/Email_validation.php
@@ -8,7 +8,7 @@ class Email_validation extends \Zotlabs\Web\Controller {
 	function post() {

 		if($_POST['token']) {
-			if(! account_approve(trim($_POST['token']))) {
+			if(! account_approve(trim(basename($_POST['token'])))) {
 				notice('Token verification failed.');
 			}
 		}