[wp-trac] [WordPress Trac] #6842: Password reset links produce
invalid keys
WordPress Trac
wp-trac at lists.automattic.com
Fri Apr 25 16:58:57 GMT 2008
#6842: Password reset links produce invalid keys
------------------------+---------------------------------------------------
Reporter: MtDewVirus | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.7
Component: Security | Version: 2.6
Severity: normal | Keywords:
------------------------+---------------------------------------------------
When using /wp-login.php?action=lostpassword the password reset link
received in the email does not work. When clicking on the link, you get
"Sorry, that key does not appear to be valid."
Also, some of the characters used in the key aren't treated as part of a
link in email (Gmail as an example).
Example: http://blog.com/wp-login.php?action=rp&key=yG#S^w4U&QY(
Only http://blog.com/wp-login.php?action=rp&key=yG#S was treated as a link
in Gmail and the rest was plain text.
Tested on r7835
--
Ticket URL: <http://trac.wordpress.org/ticket/6842>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list