Index: tests/phpunit/tests/wp-login.php
===================================================================
--- tests/phpunit/tests/wp-login.php	(revision 0)
+++ tests/phpunit/tests/wp-login.php	(working copy)
@@ -0,0 +1,77 @@
+<?php
+
+/**
+ * @group wp-login
+ */
+class Tests_WP_Login extends WP_UnitTestCase {
+
+	/**
+	 * Include just the PHP functions of a file for testing.
+	 */
+	public function include_php_functions( $path ) {
+		$inc_lines = array();
+		$in_func = $in_script = false;
+		$lines = explode( "\n", file_get_contents( ABSPATH . '/wp-login.php' ) );
+		foreach ( $lines as $line ) {
+			if ( $in_func ) {
+				$inc_lines[] = $line;
+				if ( 0 === strpos( $line, '}' ) ) {
+					$in_func = false;
+				}
+			} elseif ( $in_script ) {
+				if ( 0 === strpos( $line, '</script' ) ) {
+					$in_script = false;
+				}
+			} elseif ( 0 === strpos( $line, '<script' ) ) {
+				$in_script = true;
+			} elseif ( 0 === strpos( $line, 'function ' ) ) {
+				$in_func = true;
+				$inc_lines[] = $line;
+			}
+		}
+		if ( $inc_lines ) {
+			$inc = implode( "\n", $inc_lines );
+			eval( $inc );
+		}
+	}
+
+	public function setUp() {
+		$this->include_php_functions( ABSPATH . '/wp-login.php' );
+	}
+
+	/**
+	 * Check can retrieve password when email address includes apostrophes.
+	 *
+	 * @ticket 36322
+	 */
+	function test_retrieve_password_email_unslashed() {
+		$email = 'sean.o\'dough@example.com';
+		$slashed_email = wp_slash( $email );
+
+		// Add user.
+		$_POST = array();
+		$_POST['user_login'] = 'Sean O Dough';
+		$_POST['role'] = 'subscriber';
+		$_POST['email'] = $slashed_email;
+		$_POST['first_name'] = 'Seán';
+		$_POST['last_name'] = 'O\\\'Dough';
+		$_POST['nickname'] = 'O\\\'Doughie';
+		$_POST['display_name'] = 'Seán O\\\'Dough';
+		$_POST['pass1'] = $_POST['pass2'] = 'password';
+
+		$user_id = edit_user();
+		$user = get_user_by( 'ID', $user_id );
+
+		$this->assertInternalType( 'int', $user_id );
+		$this->assertInstanceOf( 'WP_User', $user );
+		$this->assertEquals( $_POST['user_login'], $user->user_login );
+		$this->assertEquals( $email, $user->user_email );
+
+		// Retrieve password by email.
+		$_POST = array();
+		$_POST['user_login'] = $slashed_email;
+
+		$response = retrieve_password();
+		$this->assertTrue( $response );
+	}
+}