[wp-trac] [WordPress Trac] #34970: reset password link is broken in email
WordPress Trac
noreply at wordpress.org
Thu Dec 10 11:27:47 UTC 2015
#34970: reset password link is broken in email
--------------------------+-----------------------------
Reporter: restonce | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Hello, I am using 'WordPress 4.4' and my browser is chrome 47.0 .[[BR]]
At first ,I forgot my password , and click 'reset password' .[[BR]]
And then , my mailbox recived a email like
[[Image(http://oi67.tinypic.com/21loaoh.jpg)]]. [[BR]]
I click the reset link and notice the link attached with a '>' charactor.
(So my reset link is 'https://blog.restonce.com/wp-
login.php?action=rp&key=rMBV4nFgcNSGxPQACcOW&login=readme%3E'. )
As you expected , reset password error .[[BR]]
I found the bug at 'https://github.com/WordPress/WordPress/blob/master/wp-
login.php#L327' :
{{{#!php
<?php
$message .= '<' . network_site_url("wp-
login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login')
. ">\r\n";
}}}
: the link attached the UserName and '>' charactor. [[BR]]
So I suggest to insert a blank character before the last '>' to separate
them and fix this bug.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34970>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list