Opened 9 years ago
Last modified 4 years ago
#34372 new defect (bug)
Password reset link invalid for user names containing blanks
Reported by: | ditler | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 4.3.1 |
Component: | Login and Registration | Keywords: | reporter-feedback |
Focuses: | Cc: |
Description
When a user name contains a blank, resetting the corresponding password. The URL in the reset email will contain a blank, at which point the link will be interrupted.
Attachments (1)
Change History (9)
#3
@
9 years ago
While I do not have deep insight in what role the email client might have here, there is definitely a problem - I tried it with and without the plugin WP Better EMails.
I am using GoogleMail online and experience the problem with the Gmail interface, the Inbox interface and the Android app. Another person has reported the problem using a different email provider, though I do not know which client was used.
I attached the link as I see it when the mails arrives (no plugins).
This is part of the raw email I see when I click "show original" in Gmail:
X-Priority: 3 X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Jemand hat das Zurücksetzen des Passworts für folgendes Benutzerkonto angefordert: https://www.blablabla.de/ Benutzername: Test User name Falls dies nicht beabsichtigt war, ignoriere einfach diese E-Mail. Es wird dann nichts passieren. Um dein Passwort zurückzusetzen, besuche folgende Adresse: <https://www.blablabla.de/pipapo/?action=rp&key=2dB2dSXj3d1JzZ15D7uM&login=Test User name>
#4
@
9 years ago
Could not reproduce on a clean install. Here's the raw email:
X-Priority: 3 X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Someone requested that the password be reset for the following account: http://develop.wordpress/src/ Username: Test User name If this was a mistake, just ignore this email and nothing will happen. To reset your password, visit the following address: <http://develop.wordpress/src/wp-login.php?action=rp&key=plARTJUCFXY8TEvEFADV&login=Test%20User%20name>
Does the issue still happen with all plugins disabled and a default theme (Twenty Fifteen) activated?
#5
@
8 years ago
I've been experiencing the same issue. What I discovered so far:
A. Lastname is correctly translated to A.%20Lastname A. de Lastname is not correctly translated. This ends up as A.20Lastname.
I'm starting to think its trying to interpret the %20de as a single utf-8 character.
I'll conduct a few more tests to see if I can confirm this.
The username is encoded using
rawurlencode
and the email content looks like this for the useruser with space
:Seems correct to me. Which email client did you experience this?