Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#11363 closed defect (bug) (duplicate)

Password Email Subject - Special Chars

Reported by: sp1ncycle Owned by:
Milestone: Priority: high
Severity: normal Version: 2.8.5
Component: Users Keywords:
Focuses: Cc:


The Subject in the email has htmlspecialchars and single quotes showup as this:

File: wp-login.php
Line: 166

$title = sprintf(__('[%s] Password Reset'), get_option('blogname'));


File: wp-login.php
Line: 211

$title = sprintf(__('[%s] Your new password'), get_option('blogname'));

The Fix:

$title = sprintf(__('[%s] Password Reset'), htmlspecialchars_decode(get_option('blogname'), ENT_QUOTES));

$title = sprintf(__('[%s] Your new password'), htmlspecialchars_decode(get_option('blogname'), ENT_QUOTES));

Change History (3)

comment:1 @Denis-de-Bernardy6 years ago

  • Component changed from General to Users
  • Milestone changed from 2.9 to 3.0

the charset also needs to be passed, with an @ in front of the function call to avoid warnings on older platforms.

comment:2 @sp1ncycle6 years ago

It appears that almost all notifications sent from Wordpress to the admin have the same issue.
Such as "New User Registration" email.

comment:3 @westi6 years ago

  • Milestone 3.0 deleted
  • Resolution set to duplicate
  • Status changed from new to closed

This was fixed in 2.9 - #9913.

Closing as a duplicate of that ticket.

Note: See TracTickets for help on using tickets.