[wp-trac] [WordPress Trac] #23874: Multisite: forgot password link navigates to the primary domain not the current domain.
WordPress Trac
noreply at wordpress.org
Fri Mar 29 19:23:45 UTC 2013
#23874: Multisite: forgot password link navigates to the primary domain not the
current domain.
--------------------------+------------------------
Reporter: cullaloe | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Multisite | Version: 3.5.1
Severity: normal | Resolution: duplicate
Keywords: |
--------------------------+------------------------
Changes (by SergeyBiryukov):
* milestone: Awaiting Review =>
Old description:
> Users on subsites clicking "forgot password" link are directed to the
> network domain to reset their password. This causes confusion for users
> as they finish up on the network domain instead of the site they think
> they are registered on.
>
> According to @Philly's post on http://www.s2member.com/forums/topic
> /login-widget-on-multisite/ this was introduced "Its a WordPress bug
> introduced [in 2011] in wp-includes/general-template.php". He offers the
> following modifications, which work nicely on my installation (3.5.1).
>
> wp-includes/general-template.php:
>
> function wp_lostpassword_url( $redirect = '' ) {
> $args = array( 'action' => 'lostpassword' );
> if ( !empty($redirect) ) {
> $args['redirect_to'] = $redirect;
> }
>
> $lostpassword_url = add_query_arg( $args,
> network_site_url('wp-login.php', 'login') );
> return apply_filters( 'lostpassword_url',
> $lostpassword_url, $redirect );
> }
>
> Should be
>
> function wp_lostpassword_url( $redirect = '' ) {
> $args = array( 'action' => 'lostpassword' );
> if ( !empty($redirect) ) {
> $args['redirect_to'] = $redirect;
> }
>
> $lostpassword_url = add_query_arg( $args, site_url('wp-
> login.php', 'login') );
> return apply_filters( 'lostpassword_url',
> $lostpassword_url, $redirect );
> }
>
> Also WordPress is generating the incorrect email in wp-login.php
>
> $message = __('Someone requested that the password be reset for the
> following account:') . "\r\n\r\n";
> $message .= network_home_url( '/' ) . "\r\n\r\n";
> $message .= sprintf(__('Username: %s'), $user_login) .
> "\r\n\r\n";
> $message .= __('If this was a mistake, just ignore this email and
> nothing will happen.') . "\r\n\r\n";
> $message .= __('To reset your password, visit the following
> address:') . "\r\n\r\n";
> $message .= '<' . network_site_url("wp-
> login.php?action=rp&key=$key&login=" . rawurlencode($user_login),
> 'login') . ">\r\n";
>
> should be
>
> $message = __('Someone requested that the password be reset for the
> following account:') . "\r\n\r\n";
> $message .= home_url( '/' ) . "\r\n\r\n";
> $message .= sprintf(__('Username: %s'), $user_login) .
> "\r\n\r\n";
> $message .= __('If this was a mistake, just ignore this email and
> nothing will happen.') . "\r\n\r\n";
> $message .= __('To reset your password, visit the following
> address:') . "\r\n\r\n";
> $message .= '<' . site_url("wp-
> login.php?action=rp&key=$key&login=" . rawurlencode($user_login),
> 'login') . ">\r\n";
New description:
Users on subsites clicking "forgot password" link are directed to the
network domain to reset their password. This causes confusion for users as
they finish up on the network domain instead of the site they think they
are registered on.
According to @Philly's post on http://www.s2member.com/forums/topic/login-
widget-on-multisite/ this was introduced "Its a WordPress bug introduced
[in 2011] in wp-includes/general-template.php". He offers the following
modifications, which work nicely on my installation (3.5.1).
wp-includes/general-template.php:
{{{
function wp_lostpassword_url( $redirect = '' ) {
$args = array( 'action' => 'lostpassword' );
if ( !empty($redirect) ) {
$args['redirect_to'] = $redirect;
}
$lostpassword_url = add_query_arg( $args, network_site_url
('wp-login.php', 'login') );
return apply_filters( 'lostpassword_url',
$lostpassword_url, $redirect );
}
}}}
Should be
{{{
function wp_lostpassword_url( $redirect = '' ) {
$args = array( 'action' => 'lostpassword' );
if ( !empty($redirect) ) {
$args['redirect_to'] = $redirect;
}
$lostpassword_url = add_query_arg( $args, site_url('wp-
login.php', 'login') );
return apply_filters( 'lostpassword_url',
$lostpassword_url, $redirect );
}
}}}
Also WordPress is generating the incorrect email in wp-login.php
{{{
$message = __('Someone requested that the password be reset for the
following account:') . "\r\n\r\n";
$message .= network_home_url( '/' ) . "\r\n\r\n";
$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
$message .= __('If this was a mistake, just ignore this email and
nothing will happen.') . "\r\n\r\n";
$message .= __('To reset your password, visit the following
address:') . "\r\n\r\n";
$message .= '<' . network_site_url("wp-
login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login')
. ">\r\n";
}}}
should be
{{{
$message = __('Someone requested that the password be reset for the
following account:') . "\r\n\r\n";
$message .= home_url( '/' ) . "\r\n\r\n";
$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
$message .= __('If this was a mistake, just ignore this email and
nothing will happen.') . "\r\n\r\n";
$message .= __('To reset your password, visit the following
address:') . "\r\n\r\n";
$message .= '<' . site_url("wp-
login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login')
. ">\r\n";
}}}
--
--
Ticket URL: <http://core.trac.wordpress.org/ticket/23874#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list