[wp-trac] [WordPress Trac] #7192: Password recovery key must not contain hash # character

WordPress Trac wp-trac at lists.automattic.com
Fri Jun 27 09:18:15 GMT 2008

#7192: Password recovery key must not contain hash # character
 Reporter:  mastermind      |       Owner:  anonymous
     Type:  defect          |      Status:  new      
 Priority:  normal          |   Milestone:  2.6      
Component:  Administration  |     Version:  2.5.1    
 Severity:  blocker         |    Keywords:           
 On a site where I was registered, I tried to retrieve a new password. The
 activation URL was like:


 When calling the URL, the WP install told me the key was invalid --
 obviously, because the hash and the part thereafter are not sent to the
 server, but are interpreted as anchor. Encoding the hash as %23 didn't
 help neither; I assume this is because the respective function does not
 urldecode() the key.

Ticket URL: <http://trac.wordpress.org/ticket/7192>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list