[wp-trac] [WordPress Trac] #34697: Password (re)set form fails when addressed as /wp-login.php/
WordPress Trac
noreply at wordpress.org
Mon Nov 16 02:47:10 UTC 2015
#34697: Password (re)set form fails when addressed as /wp-login.php/
------------------------------------+-----------------------------
Reporter: friedcell | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 4.3.1
Severity: normal | Keywords:
Focuses: administration |
------------------------------------+-----------------------------
`setcookie` in resetpass uses `$rp_path` to set the path for the cookie,
but does not use the same `$rp_path` when setting up the form action in
HTML. This means that the cookie can be set to a path where it will not be
submitted by the browser on post and thus the form will fail.
Easily reproducable by adding changing the reset password link from `/wp-
login.php?...` to `/wp-login.php/?...` For some reason Firefox works
(submits cookie), but Chrome and IE fail (don't submit cookie).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34697>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list