[wp-trac] [WordPress Trac] #35255: Password Reset URL doesn't include period '.' character in username

WordPress Trac noreply at wordpress.org
Tue Dec 29 19:21:51 UTC 2015


#35255: Password Reset URL doesn't include period '.' character in username
----------------------------+-----------------------------
 Reporter:  HaveAnEpiphany  |      Owner:
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Users           |    Version:  trunk
 Severity:  normal          |   Keywords:
  Focuses:  administration  |
----------------------------+-----------------------------
 This one is unexpected, because I don't usually use punctuation in
 usernames, but I just was assigned a user account by a friend of mine on a
 site he controls.

 When the "Your username and password info" email arrived, I clicked the
 link to set my password, and received the `Your password reset link
 appears to be invalid. Please request a new link below.` error.

 Requesting a new password via email resulted in the password email
 arriving, and when I clicked the link in it, I received the same error.

 On closer inspection, my username contained a `.` (period) character. In
 fact, it was the final character in the username.

 When I looked at the URLs in the two emails I received, I noticed that the
 final character (the `.` or period) was stripped from the password reset
 link, which invalidated it.

 I was able to reset my password by copying and pasting the link, then
 adding the `.` character to the end before continuing.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/35255>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list