Opened 3 months ago
Last modified 3 months ago
#23420 new enhancement
Lost password, invalid key - noticed something
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Awaiting Review |
| Component: | Version: | 3.5.1 | |
| Severity: | normal | Keywords: | close |
| Cc: |
Description
Hi there,
I have noticed something about the lost password/email retrieval that may be a bug or may help out with the number of requests this gets.
The link sent with the key and user name is surrounded with < and >
Some email clients are misinterpreting this link and including the > at the end of the user name which in turn kills the database query because the user name does not match.
I have run a couple of tests changing line 235 of wp-login.php to be:
$message .= network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . "\r\n";
from
$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";
This seems to sort the problem out.
Change History (5)
comment:2
SergeyBiryukov — 3 months ago
- Keywords close added
The link sent with the key and user name is surrounded with < and >
As noted by dd32, there's a reason for them to be there: #14140.
I wrote a couple of simple plugins to resolve this issue for some users on the support forums without hacking the core:
- This one removes the brackets from all password retrieval messages:
http://pastebin.com/ni7rs384 - This one does that only for a specific service that is known to misinterpret the brackets:
http://pastebin.com/1Et2yb4b
Replying to dd32:
The only times I've seen this broken, is when using a plugin which adds HTML emails to WordPress, which causes the < and > to be interpreted as a HTML element.
Related: #21095
comment:3
demonpengu — 3 months ago
Hi There,
No email plugins.
The Kerio webmail client certainly is a problem. I will have to go investigate the others.
Andy
comment:4
SergeyBiryukov — 3 months ago
Related: #23578
comment:5
SergeyBiryukov — 3 months ago
- Component changed from General to Mail
What email clients have you experienced this with? Are you using any email-related plugins at all?
WordPress only uses plain text emails at present by default, and using < and > around links is the standard (for many many many years) on how to present longer links, without it, when the link gets broken up over multiple lines (which is almost a definite with plain text emails)only the first part of the link ends up getting linked in the email client, so really, they're required.
The only times I've seen this broken, is when using a plugin which adds HTML emails to WordPress, which causes the < and > to be interpreted as a HTML element.