[wp-trac] [WordPress Trac] #47073: Lost Password generates invalid link in user email
WordPress Trac
noreply at wordpress.org
Mon Apr 29 17:12:47 UTC 2019
#47073: Lost Password generates invalid link in user email
--------------------------+-----------------------------
Reporter: lcwakeman | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.0
Severity: major | Keywords:
Focuses: |
--------------------------+-----------------------------
When a user asks to reset their password, the link generated by wp-
login.php is invalid. This is in all releases since at least 5.0 and is in
the latest nightly build.
wp-login.php line 390 of latest build is:
$message .= '<' . network_site_url( "wp-
login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ),
'login' ) . ">\r\n";
S/B:
$message .= network_site_url( "wp-
login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ),
'login' ) . "\r\n";
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47073>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list