[wp-trac] [WordPress Trac] #42957: Usernames ending in a period generate invalid reset password links in certain email clients

WordPress Trac noreply at wordpress.org
Thu Jul 4 21:59:51 UTC 2024 

#42957: Usernames ending in a period generate invalid reset password links in
certain email clients
-------------------------------------------------+-------------------------
 Reporter:  paulcline                            |       Owner:  dmsnell
     Type:  defect (bug)                         |      Status:  closed
 Priority:  normal                               |   Milestone:  6.7
Component:  Users                                |     Version:
 Severity:  normal                               |  Resolution:  fixed
 Keywords:  has-patch has-unit-tests needs-dev-  |     Focuses:
  note dev-feedback                              |
-------------------------------------------------+-------------------------
Changes (by dmsnell):

 * owner:  (none) => dmsnell
 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 In [changeset:"58674" 58674]:
 {{{
 #!CommitTicketReference repository="" revision="58674"
 Users: Avoid ambiguous password reset URLs for usernames ending in a
 period.

 When WordPress sends out a password-reset or new-user email, it generates
 a link for someone to follow in order to take them to the reset page. If
 the user login name ends in a period, however, that generated URL will
 end in a period and many email clients will confuse it with a
 sentence-ending period instead of being part of the query arguments.

 In this patch, the generated URL's query argument are rearranged so that
 the link will never end in a period. Alternative ideas were explored to
 create a new function to escape URL-ending periods, but this patch
 resolves
 the reported problem without raising any further architectural questions.

 Developed in https://github.com/WordPress/wordpress-develop/pull/6834
 Discussed in https://core.trac.wordpress.org/ticket/42957

 Props audrasjb, costdev, daveagp, dmsnell, hellofromTonya, markparnell,
 mukesh27, nhrrob, obrienlabs, paulcline.
 Fixes #42957.
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/42957#comment:41>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list