@leaf-node opened this Issue on June 14th 2022

Expected Behavior

  1. Send yourself a password reset email on the login screen of your Matomo site
  2. Open email in plain text mode, click on link
  3. Complete change of password on your site

Current Behavior

Instead of 3. above, one ends up with an expired / invalid token error on your site.

The URL ends in something like: ...96b9f4131cfNote, because it is part of the following string: Note: this link will expire in 24 hours.And thank you for using Matomo!

Possible Solution

Put the link on a new line by itself, and split the trailing "Next: ..." text out onto a following new line.

Steps to Reproduce (for Bugs)

  1. Send yourself a password reset email on the login screen of your Matomo site
  2. View email in Thunderbird with plain text mode
  3. Click link, and see error in your browser window
  4. Edit link by removing Note from the end, and visit that URL, for success.

Context

This prevents people from resetting their password if they are using plain text mode in their email client, but don't have the idea of manually checking the end of the password reset link for combined text.

Thanks : )

Your Environment

  • Matomo Version: 4.10.1
  • PHP Version: 7.2.24-0ubuntu0.18.04.11
  • Server Operating System: Trisquel 9.0.2
  • Additionally installed plugins: CustomVariables, MarketingCampaignsReporting, SecurityInfo, Provider
  • Thunderbird version: 91.10.0 (64-bit)
@bx80 commented on June 14th 2022 Contributor

Hi @leaf-node, thanks for reporting this.

I can confirm that the reset link is combined with the extra text when the email is viewed in plaintext mode. Additionally, the HTML reset link doesn't wrap in its container and can overflow off screen.

This is easy to correct, so I've created PR https://github.com/matomo-org/matomo/pull/19357 to fix it.

This Issue was closed on June 21st 2022
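
A regression check for the failure reported in this issue, as an added example that is not code from Matomo or from the PR above. The host, token, mail template and all function names are constructed for illustration, and the tag-stripping step is a simplified model of a plain-text view joining adjacent block elements, not Thunderbird's actual renderer.

```python
import re
from html.parser import HTMLParser

# Constructed sample values: host, path and token are placeholders.
RESET_URL = "https://matomo.example/reset?token=0123456789abcdef"
HTML_BODY = (
    f'<p>Reset your password: <a href="{RESET_URL}">{RESET_URL}</a></p>'
    "<p>Note: this link will expire in 24 hours.</p>"
)

BLOCK_TAGS = {"p", "div", "br", "li", "tr", "h1", "h2", "h3"}


def naive_text(html):
    """Strip tags without emitting whitespace at block boundaries (the failure mode)."""
    return re.sub(r"<[^>]+>", "", html)


class _BlockAwareText(HTMLParser):
    def __init__(self):
        super().__init__()
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if tag in BLOCK_TAGS:
            self.parts.append("\n")

    def handle_endtag(self, tag):
        if tag in BLOCK_TAGS:
            self.parts.append("\n")

    def handle_data(self, data):
        self.parts.append(data)


def block_aware_text(html):
    """Convert to text, putting a newline wherever a block element starts or ends."""
    parser = _BlockAwareText()
    parser.feed(html)
    parser.close()
    return re.sub(r"\n{2,}", "\n", "".join(parser.parts)).strip()


def autolink(text):
    """Approximate a mail client's URL detection: run to whitespace, drop trailing punctuation."""
    return [m.rstrip(".,:;!?)") for m in re.findall(r"https?://[^\s<>\"]+", text)]


def reset_link_intact(text, url=RESET_URL):
    """True only if the detected link is exactly the URL that was sent."""
    return autolink(text) == [url]
```

Running `reset_link_intact` over every rendered variant of a token-bearing mail template catches this class of bug before users hit an invalid-token error.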