Make URL parameter for activation key parameter filterable
|Reported by:||boonebgorges||Owned by:|
|Component:||Login and Registration||Keywords:|
The Office 365 email service (perhaps among others? Who knows what lurks out there?) filters all outgoing links, for security purposes. Among its security restrictions is that emailed links with URL parameters containing the string 'key' are forbidden; clicking them leads to an error. This includes links of the form http://example.com/wp-activate.php?key=12345, the link format used when sending activation emails in multisite. The result is that users cannot click the link to activate their accounts - and, in fact, they can't even copy and paste it in normal ways, because Microsoft masks the link (ugh).
This is an annoying problem that is in no way WordPress's fault. However, it causes severe problems in places where WP is used and Office 365 use is required, such as some universities. And, while it's easy to fix the text of the outgoing email using the notification filters in ms-functions.php, it's very difficult to modify the way that wp-activate.php works without resorting to the hackiest of hacks.
As a lightweight and backward compatibile workaround, I'm suggesting that the 'key' parameter be filterable. Patch attached, which abstracts the parameter into a filter wrapper. Not the most elegant thing in the world, but we are dealing with a problem of mammoth stupidity in the first place. Thanks for considering.
Change History (20)
in reply to:
4 years ago
3 years ago
- Component changed from Multisite to Login and Registration
- Focuses multisite added
18 months ago
- Keywords has-patch needs-testing removed
- Milestone Future Release deleted
- Resolution set to worksforme
- Status changed from new to closed