[wp-trac] [WordPress Trac] #40249: period as last character in username breaks activation link
WordPress Trac
noreply at wordpress.org
Fri Mar 24 10:38:46 UTC 2017
#40249: period as last character in username breaks activation link
------------------------------------+-----------------------------
Reporter: ilikewordpress | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 4.7.3
Severity: normal | Keywords:
Focuses: |
------------------------------------+-----------------------------
Many browsers and mail clients are converting text-URLs to clickable
links.
If a user chooses an username with a period at the end, the activation
link in the mail could be incorrect, because the mail client thinks, the
period is a punctuation character.
See this (non-working) URL for an example:
https://www.domain.de/wp-
login.php?action=rp&key=XXXXXX&user=ballspieler96.
The period at the end is part of the username but not part of the URL.
Fix:
Don't use the username as last parameter. Instead use a defined parameter,
which won't have periods as value (i.e. 2action" or "key")
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40249>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list