[wp-trac] [WordPress Trac] #23420: Lost password, invalid key - noticed something

WordPress Trac noreply at wordpress.org
Fri Feb 8 09:26:32 UTC 2013


#23420: Lost password, invalid key - noticed something
-----------------------------+-------------------------
 Reporter:  demonpengu       |       Type:  enhancement
   Status:  new              |   Priority:  normal
Milestone:  Awaiting Review  |  Component:  General
  Version:  3.5.1            |   Severity:  normal
 Keywords:                   |
-----------------------------+-------------------------
 Hi there,

 I have noticed something about the lost password/email retrieval that may
 be a bug or may help out with the number of requests this gets.

 The link sent with the key and user name is surrounded with < and >

 Some email clients are misinterpreting this link and including the > at
 the end of the user name which in turn kills the database query because
 the user name does not match.

 I have run a couple of tests changing line 235 of wp-login.php to be:


 {{{
 $message .= network_site_url("wp-login.php?action=rp&key=$key&login=" .
 rawurlencode($user_login), 'login') . "\r\n";

 }}}

 from


 {{{
 $message .= '<' . network_site_url("wp-
 login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login')
 . ">\r\n";
 }}}


 This seems to sort the problem out.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/23420>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list