[wp-trac] [WordPress Trac] #53634: Editing user in Dashboard and using "Send Reset Link " broken by retrieve_password()
WordPress Trac
noreply at wordpress.org
Fri Jul 9 14:45:04 UTC 2021
#53634: Editing user in Dashboard and using "Send Reset Link " broken by
retrieve_password()
--------------------------+-----------------------------
Reporter: boblindner | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 5.7.2
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
If you change the email of a user created with the username of an email
address you are unable to send a reset link because retrieve_password() in
wp-includes/user.php mistakenly thinks the username is an email address
for a user (because it contains an @) so you get:
`Error: There is no account with that username or email address.`
Steps to reproduce:
* make a user with the same username AND email address. e.g.
`foo(@)example.com`
* edit that user and change the email address (username not editable) to
the email address. e.g. `bar(@)example.com` and save user
* Try to use the “Send Reset Link” button while editing that user again
(/wp-admin/user-edit.php)
I think this is happening because the call to retrieve_password() passes
in the username and retrieve_password() mistakenly believes everything
with an "@" in must be an email address.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53634>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list