Make WordPress Core

Changeset 47086


Ignore:
Timestamp:
01/18/2020 02:30:24 AM (5 years ago)
Author:
SergeyBiryukov
Message:

Mail: Remove angle brackets from password reset URL in emails sent by retrieve_password() and wp_new_user_notification().

The brackets were originally added in [16285] per W3C recommendation in https://www.w3.org/Addressing/URL/5.1_Wrappers.html to avoid wrapping the URL across multiple lines in plain text in older email clients.

This doesn't seem like a common issue in modern email clients, and the current implementation causes more issues than it solves. Since the URL is on a line by itself, it should not require any delimiters.

The URL in recovery mode email introduced in [44973] doesn't have angle brackets, so it's time to retire them in password reset email too if they're not used consistently.

Props donmhico, Otto42, sproutchris, iandunn, dd32, DaveWP196, sebastian.pisula, tommix, sablednah, julian.kimmig, Rahe, clayisland, arenddeboer, nicole2292, nagoke, squarecandy, eatingrules, SergeyBiryukov.
Fixes #21095, #23578, #44589.

Location:
trunk/src
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/pluggable.php

    r47060 r47086  
    20172017        $message  = sprintf( __( 'Username: %s' ), $user->user_login ) . "\r\n\r\n";
    20182018        $message .= __( 'To set your password, visit the following address:' ) . "\r\n\r\n";
    2019         $message .= '<' . network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user->user_login ), 'login' ) . ">\r\n\r\n";
     2019        $message .= network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user->user_login ), 'login' ) . "\r\n\r\n";
    20202020
    20212021        $message .= wp_login_url() . "\r\n";
  • trunk/src/wp-login.php

    r47054 r47086  
    427427    $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n";
    428428    $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";
    429     $message .= '<' . network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . ">\r\n";
     429    $message .= network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . "\r\n";
    430430
    431431    /* translators: Password reset notification email subject. %s: Site title. */
Note: See TracChangeset for help on using the changeset viewer.