[wp-trac] [WordPress Trac] #7192: Password recovery key must not
contain hash # character
WordPress Trac
wp-trac at lists.automattic.com
Fri Jun 27 09:18:15 GMT 2008
#7192: Password recovery key must not contain hash # character
----------------------------+-----------------------------------------------
Reporter: mastermind | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.6
Component: Administration | Version: 2.5.1
Severity: blocker | Keywords:
----------------------------+-----------------------------------------------
On a site where I was registered, I tried to retrieve a new password. The
activation URL was like:
http://example.com/wp-login.php?action=rp&key=J#wi7fuQw8H
When calling the URL, the WP install told me the key was invalid --
obviously, because the hash and the part thereafter are not sent to the
server, but are interpreted as anchor. Encoding the hash as %23 didn't
help neither; I assume this is because the respective function does not
urldecode() the key.
--
Ticket URL: <http://trac.wordpress.org/ticket/7192>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list