The correct verification should display
When a new user registers, the welcome email gets sent with the URL to click. The verification code is appended to the URL as url_encode. However, the verification code in the URL is double-encoded. Therefore, when clicking the URL, the form is auto-populated from the parameter, with an incorrect single-decoded verification code
Example URL: http://example.com/zauth/verify-registration/2wd321/%2529%25242Mf
Expected URL: http://example.com/zauth/verify-registration/2wd321/%29%242Mf
Expected Verification Code When Form is Auto-Populated: )$2Mf
Register a new user. Receive the welcome email. Click the URL to verify your account.
Didn't see this before. Could it be that you viewed the html email using a text mode in your email client? In my email client I see all html emails encoded until I explictly allow the html view.
I think the email came as plain text. But on a Mac, Apple Mail transforms URLs automatically as clickable.
I think the emails come as multipart containing both html and plain text versions.
This is indeed a problem.
Example code: *EKQH
Shown in the linked url as: zauth/verify-registration/username/%252AEKQH
Shown in the form input field as: %2AEKQH
remove layer of url_encoding fixxes #3393
remove layer of url_encoding fixes #3393 (#3423)
* remove layer of url_encoding fixxes #3393