Make WordPress Core


Ignore:
Timestamp:
02/26/2024 10:41:50 AM (8 months ago)
Author:
swissspidy
Message:

Login and Registration: Slash email address when updating an existing user.

Addresses an issue with password reset keys when the email address contains special characters such as apostrophes.

Props emirpprime, rajinsharwar, fnpen, hellofromTonya, oglekler, nicolefurlan.
Fixes #52529.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/auth.php

    r56804 r57711  
    839839    }
    840840
     841    /**
     842     * @ticket 52529
     843     */
     844    public function test_reset_password_with_apostrophe_in_email() {
     845        $user_args = array(
     846            'user_email' => "jo'hn@example.com",
     847            'user_pass'  => 'password',
     848        );
     849
     850        $user_id = self::factory()->user->create( $user_args );
     851
     852        $user = get_userdata( $user_id );
     853        $key  = get_password_reset_key( $user );
     854
     855        // A correctly saved key should be accepted.
     856        $check = check_password_reset_key( $key, $user->user_login );
     857
     858        $this->assertNotWPError( $check );
     859        $this->assertInstanceOf( 'WP_User', $check );
     860        $this->assertSame( $user_id, $check->ID );
     861    }
     862
    841863    public function data_application_passwords_can_use_capability_checks_to_determine_feature_availability() {
    842864        return array(
Note: See TracChangeset for help on using the changeset viewer.