[wp-trac] [WordPress Trac] #38897: user_email with & (ampersand) being encoded within the database making notifications fail

[WordPress Trac]

#38897: user_email with & (ampersand) being encoded within the database making
notifications fail
-----------------------------+------------------------
 Reporter:  garrett-eclipse  |       Owner:  (none)
     Type:  defect (bug)     |      Status:  closed
 Priority:  normal           |   Milestone:
Component:  Users            |     Version:  4.6.1
 Severity:  normal           |  Resolution:  duplicate
 Keywords:                   |     Focuses:
-----------------------------+------------------------
Changes (by garrett-eclipse):

 * resolution:  wontfix => duplicate


Old description:

> Hello,
>
> It seems Wordpress does some encoding on the email field which causes
> issues as the encoded email is stored in the database and causes
> notifications to fail as it's no longer a valid email.
>
> The specific email i noticed this with had an ampersand (&) within the
> email, the following is a bogus one to illustrate;
> johnny&joey at telus.net
>
> This is apparently a valid email according to telus.net (as the email
> exists there, not that exact one of course) and according to IETF Trust
> as shown in this stack overflow answer;
> http://stackoverflow.com/a/2049510
>
> Anyway, if you register a user with an email containing & it will encode
> it into the database and fail to deliver the password notification.
>
> The following should NOT be encoded;
> "Characters ! # $ % & ' * + - / = ? ^ _ ` { | } ~
> Character . (dot, period, full stop) provided that it is not the first or
> last character, and provided also that it does not appear two or more
> times consecutively."
>
> Thank you

New description:

 Hello,

 It seems WordPress does some encoding on the email field which causes
 issues as the encoded email is stored in the database and causes
 notifications to fail as it's no longer a valid email.

 The specific email i noticed this with had an ampersand (&) within the
 email, the following is a bogus one to illustrate;
 johnny&joey at telus.net

 This is apparently a valid email according to telus.net (as the email
 exists there, not that exact one of course) and according to IETF Trust as
 shown in this stack overflow answer;
 http://stackoverflow.com/a/2049510

 Anyway, if you register a user with an email containing & it will encode
 it into the database and fail to deliver the password notification.

 The following should NOT be encoded;
 "Characters ! # $ % & ' * + - / = ? ^ _ ` { | } ~
 Character . (dot, period, full stop) provided that it is not the first or
 last character, and provided also that it does not appear two or more
 times consecutively."

 Thank you

--

Comment:

 I was going to reopen this but found there's an older ticket with an
 existing patch that was also closed in the mass closure so marking this a
 duplicate of #16788 and re-opening it.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/38897#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform