Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#34970 closed defect (bug) (duplicate)

reset password link is broken in email

Reported by: restonce
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 4.6
Component: Login and Registration
Keywords:
Focuses:
Cc:

Description

Hello, I am using 'WordPress 4.4' and my browser is Chrome 47.0.

At first, I forgot my password and clicked 'reset password'.

And then my mailbox received an email like http://oi67.tinypic.com/21loaoh.jpg.

I clicked the reset link and noticed the link had a '>' character attached. (So my reset link is 'https://blog.restonce.com/wp-login.php?action=rp&key=rMBV4nFgcNSGxPQACcOW&login=readme%3E'.)
As you expected, the password reset gave an error.

I found the bug at 'https://github.com/WordPress/WordPress/blob/master/wp-login.php#L327' :

<?php
$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";

: the link runs the UserName and the '>' character together.

So I suggest inserting a blank character before the last '>' to separate them and fix this bug.

Change History (3)

#1 @swissspidy
9 years ago

  • Component changed from Users to Login and Registration
  • Keywords reporter-feedback added

Hi there, welcome to trac!

These brackets were added intentionally in #14140.

The link works fine in Gmail for me. Perhaps a plugin sets the email mime type to text/html? That will break this. See #23578 and #21095.

#2 @SergeyBiryukov
9 years ago

  • Keywords reporter-feedback removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi @restonce, welcome to Trac!

Thanks for the report, we're already tracking this issue in #23578.

See comment:2:ticket:23420 for a workaround.

#3 @restonce
9 years ago

Thank you, @swissspidy and @SergeyBiryukov!
I read the above issue and I will choose http://pastebin.com/ni7rs384 to fix it.
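
One way to apply the bracket removal discussed in this ticket, as an added example (not WordPress core code, and not the workaround from the linked ticket or pastebin): a callback on the `retrieve_password_message` filter that unwraps `<URL>`, plus a constructed message showing the `login` parameter a whitespace-delimited autolinker sees before and after. The function names, host and key are hypothetical. Comment #1 notes the brackets were added intentionally in #14140, so removing them gives up whatever that change provided.

```php
<?php
// Added example, not WordPress core code. Function names, host and key are hypothetical.

/**
 * Unwrap <http(s)://...> so the bare URL is followed directly by the line break.
 * The pattern excludes whitespace and angle brackets, so other "<...>" text is untouched.
 */
function example_unwrap_reset_link( $message ) {
    return preg_replace( '/<(https?:\/\/[^\s<>]+)>/i', '$1', $message );
}

/** Mimic a mail client that autolinks everything up to the next whitespace. */
function example_autolinked_login( $message ) {
    if ( ! preg_match( '/https?:\/\/\S+/', $message, $m ) ) {
        return null;
    }
    parse_str( (string) parse_url( $m[0], PHP_URL_QUERY ), $query );
    return isset( $query['login'] ) ? $query['login'] : null;
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: hook the filter applied to the reset e-mail body.
    add_filter( 'retrieve_password_message', 'example_unwrap_reset_link', 20 );
} elseif ( PHP_SAPI === 'cli' ) {
    // Stand-alone run with a constructed message (placeholder host and key).
    $login   = 'readme';
    $message = "To reset your password, visit the following address:\r\n\r\n"
        . '<https://blog.example.test/wp-login.php?action=rp&key=CONSTRUCTEDKEY'
        . '&login=' . rawurlencode( $login ) . ">\r\n";

    // Before: the closing bracket is swallowed into the login parameter.
    var_dump( example_autolinked_login( $message ) );

    // After: the autolinker stops at "\r\n" and the login matches again.
    $fixed = example_unwrap_reset_link( $message );
    var_dump( example_autolinked_login( $fixed ) === $login );
}
```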
