Bail out from password reset for invalid keys
|Reported by:||wet||Owned by:|
The key protecting the password reset event is a string of a known length of characters from a known character set.
Nevertheless, on the receiving end WordPress tries to filter out invalid characters from the key despite knowing that these must not be there in the first place.
I suggest to simply refuse working with invalid keys and handle that as an error condition.