Fix action token sending for characters that are escaped in html
The function body of escape is
```
def escape(s):
    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
    the string with HTML-safe sequences. Use this if you need to display
    text that might contain such characters in HTML.

    If the object has an ``__html__`` method, it is called and the
    return value is assumed to already be safe for HTML.

    :param s: An object to be converted to a string and escaped.
    :return: A :class:`Markup` string with the escaped text.
    """
    if hasattr(s, "__html__"):
        return Markup(s.__html__())
    return Markup(
        text_type(s)
        .replace("&", "&amp;")
        .replace(">", "&gt;")
        .replace("<", "&lt;")
        .replace("'", "&#39;")
        .replace('"', "&#34;")
    )
```
It doesn't make sense to look up the replaced values in the database,
and it breaks single-quotes in the email username portion, which is
valid https://en.wikipedia.org/wiki/Email_address#Syntax
mvdbeek committed Nov 4, 2021
1 parent 2b25c37 commit 48d5431
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/galaxy/managers/users.py
Expand Up @@ -488,7 +488,7 @@ def send_activation_email(self, trans, email, username):
"""
Send the verification email containing the activation link to the user's email.
"""
activation_token = self.__get_activation_token(trans, escape(email))
activation_token = self.__get_activation_token(trans, email)
activation_link = url_for(controller='user', action='activate', activation_token=activation_token, email=escape(email), qualified=True)
host = self.__get_host(trans)
custom_message = ''
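Review bot: the `activation_link` line directly below the changed call still passes `email=escape(email)` to `url_for`, so the link carries the HTML-escaped address while the token lookup now uses the raw one. If the `activate` action looks the user up by the `email` query parameter, an address with a single quote in the local part could still fail at activation, because the link would carry `&#39;` rather than `'`. Consider passing the raw `email` to `url_for` and applying HTML escaping only where the finished link is written into the message body. A regression test that uses an address containing a single quote and follows the generated link would cover both the token lookup and the link.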