[wp-trac] [WordPress Trac] #22367: Usernames with "@" char are assumed email addresses, causing incorrect look-up in several places
WordPress Trac
noreply at wordpress.org
Fri Sep 17 14:06:06 UTC 2021
#22367: Usernames with "@" char are assumed email addresses, causing incorrect
look-up in several places
------------------------------------+------------------------------
Reporter: johnjamesjacoby | Owner: johnjamesjacoby
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone:
Component: Users | Version:
Severity: normal | Resolution:
Keywords: dev-feedback has-patch | Focuses:
------------------------------------+------------------------------
Comment (by gchtr):
I just ran into the issue in #54093 with a username that was generated
from the email address, but contains a "+".
When a user is created with an email address `test+75 at example.org`, then
the generated username will be `test75 at example.org` because
`sanitize_user()` strips away the `+` in `wp_insert_user()`. (Using a `+`
in an email address is quite common when you use Google Mail, because you
can create email aliases with it.)
If I then try to send the password reset link, WordPress looks for a user
with an email address `test75 at example.org`, can’t find one and tells me
that the user doesn’t exist.
When an `is_email()` check is used like in the suggested patches, then
`test75 at example.org` will still return true, but `retrieve_password()`
will still fail.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/22367#comment:28>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list