[wp-trac] [WordPress Trac] #35411: Emails confirming password change have incorrect formatting if the blogname contains a special character

WordPress Trac noreply at wordpress.org
Mon Jan 11 23:11:33 UTC 2016 

#35411: Emails confirming password change have incorrect formatting if the blogname
contains a special character
----------------------------+------------------------
 Reporter:  michaelshulman  |       Owner:
     Type:  defect (bug)    |      Status:  closed
 Priority:  normal          |   Milestone:
Component:  Users           |     Version:  4.4.1
 Severity:  normal          |  Resolution:  duplicate
 Keywords:                  |     Focuses:
----------------------------+------------------------
Changes (by SergeyBiryukov):

 * status:  new => closed
 * resolution:   => duplicate
 * milestone:  Awaiting Review =>


Old description:

> My blog name is "Well Produced Food & Wine". The ampersand (&) must be
> properly escaped in HTML, so it becomes &
>
> When I get a password confirmed email, the blog name includes the entity
> & which is unnecessary in email.
>
> {{{
> Hi Michael,
>
> This notice confirms that your password was changed on Well Produced Food
> & Wine.
>
> }}}
>
> In wp-includes/user.php, line 1668, the blogname is fetched and decoded,
> in this line:
>                $blog_name = wp_specialchars_decode( get_option(
> 'blogname' ) );
>
> The fix is to use that newly decoded $blog_name in line 1720.
>
>                 $pass_change_email['message'] = str_replace(
> '###SITENAME###', $blog_name, $pass_change_email['message'] );
>

> instead of
>                 $pass_change_email['message'] = str_replace(
> '###SITENAME###', get_option( ' blogname' ),
> $pass_change_email['message'] );
>

> I have tested this change locally.

New description:

 My blog name is "Well Produced Food & Wine". The ampersand (&) must be
 properly escaped in HTML, so it becomes &

 When I get a password confirmed email, the blog name includes the entity
 & which is unnecessary in email.

 {{{
 Hi Michael,

 This notice confirms that your password was changed on Well Produced Food
 & Wine.

 }}}

 In wp-includes/user.php, line 1668, the blogname is fetched and decoded,
 in this line:
 {{{
                $blog_name = wp_specialchars_decode( get_option( 'blogname'
 ) );
 }}}

 The fix is to use that newly decoded $blog_name in line 1720.
 {{{
                 $pass_change_email['message'] = str_replace(
 '###SITENAME###', $blog_name, $pass_change_email['message'] );
 }}}

 instead of
 {{{
                 $pass_change_email['message'] = str_replace(
 '###SITENAME###', get_option( ' blogname' ), $pass_change_email['message']
 );
 }}}

 I have tested this change locally.

--

Comment:

 Hi @michaelshulman, welcome to Trac!

 Thanks for the report, we're already tracking this issue in #35283.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/35411#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list