[wp-trac] [WordPress Trac] #40728: Added urlencode on wp_lostpassword_url()
WordPress Trac
noreply at wordpress.org
Fri May 26 18:24:21 UTC 2017
#40728: Added urlencode on wp_lostpassword_url()
------------------------------------+------------------------------
Reporter: adhun | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: trunk
Severity: critical | Resolution:
Keywords: has-patch | Focuses: administration
------------------------------------+------------------------------
Comment (by adhun):
Replying to [comment:4 jnylen0]:
> > which was resulting in 404 error in some instances
>
> Can you be more specific here? How can we reproduce this breakage?
Yes. Steps to reproduce the issue:
If you use wp_lostpassword_url(home_url()) on http://example.com, it will
generate a URL like the following:
{{{
http://example.com/wp-login.php?action=lostpassword&redirect_to=http://example.com
}}}
So the URL parameter here contains slashes, which are not safe on all kinds of
servers.
So when we add urlencode for the redirect, the URL will be:
{{{
http://example.com/wp-login.php?action=lostpassword&redirect_to=http%3A%2F%2Fexample.com
}}}
And it is safe for all kinds of servers.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40728#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
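
The effect of encoding the `redirect_to` value, as an added example that is not part of the ticket or of WordPress core. `build_lostpassword_url()` and `read_query()` are hypothetical stand-ins, the sample redirects are constructed, and the second one goes beyond the `home_url()` case in the comment by using a redirect target that carries its own query string.

```php
<?php
// Added illustration; build_lostpassword_url() is a hypothetical stand-in,
// not WordPress's wp_lostpassword_url().
function build_lostpassword_url(string $login_url, string $redirect, bool $encode): string
{
    // With $encode = true the redirect target is percent-encoded so it is
    // carried as a single opaque query value.
    $value = $encode ? urlencode($redirect) : $redirect;
    return $login_url . '?action=lostpassword&redirect_to=' . $value;
}

// Parse the query string the way PHP populates $_GET on the receiving side.
function read_query(string $url): array
{
    $params = [];
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return $params;
}

$login = 'http://example.com/wp-login.php';

// Constructed sample redirect targets.
$redirects = [
    'http://example.com',
    'http://example.com/account/?tab=security&ref=mail',
];

foreach ($redirects as $redirect) {
    foreach ([false, true] as $encode) {
        $url    = build_lostpassword_url($login, $redirect, $encode);
        $params = read_query($url);

        // The value survives only if the receiver gets back exactly what
        // the caller passed in.
        $intact = ($params['redirect_to'] ?? null) === $redirect;

        printf(
            "%s\n  redirect_to survives intact: %s\n  parameters seen: %s\n",
            $url,
            $intact ? 'yes' : 'no',
            implode(', ', array_keys($params))
        );
    }
}
```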