[wp-trac] [WordPress Trac] #34970: reset password link is broken in email

WordPress Trac noreply at wordpress.org
Thu Dec 10 11:27:47 UTC 2015


#34970: reset password link is broken in email
--------------------------+-----------------------------
 Reporter:  restonce      |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Users         |    Version:  trunk
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 Hello, I am using 'WordPress 4.4' and my browser is chrome 47.0 .[[BR]]

 At first ,I forgot my password , and click 'reset password' .[[BR]]

 And then , my mailbox recived a email like
 [[Image(http://oi67.tinypic.com/21loaoh.jpg)]]. [[BR]]

 I click the reset link and notice the link attached with a '>' charactor.
 (So my reset link is  'https://blog.restonce.com/wp-
 login.php?action=rp&key=rMBV4nFgcNSGxPQACcOW&login=readme%3E'. )
 As you expected , reset password error .[[BR]]

 I found the bug at 'https://github.com/WordPress/WordPress/blob/master/wp-
 login.php#L327' :
 {{{#!php
 <?php
 $message .= '<' . network_site_url("wp-
 login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login')
 . ">\r\n";
 }}}
 : the link attached the UserName and '>' charactor. [[BR]]

 So I suggest to insert a blank character before the last '>' to separate
 them and fix this bug.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/34970>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list