#34970 closed defect (bug) (duplicate)
reset password link is broken in email
Reported by: | restonce | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.6 |
Component: | Login and Registration | Keywords: | |
Focuses: | Cc: |
Description
Hello, I am using 'WordPress 4.4' and my browser is chrome 47.0 .
At first ,I forgot my password , and click 'reset password' .
And then , my mailbox recived a email like .
I click the reset link and notice the link attached with a '>' charactor. (So my reset link is 'https://blog.restonce.com/wp-login.php?action=rp&key=rMBV4nFgcNSGxPQACcOW&login=readme%3E'. )
As you expected , reset password error .
I found the bug at 'https://github.com/WordPress/WordPress/blob/master/wp-login.php#L327' :
<?php $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";
: the link attached the UserName and '>' charactor.
So I suggest to insert a blank character before the last '>' to separate them and fix this bug.
Change History (3)
#1
@
9 years ago
- Component changed from Users to Login and Registration
- Keywords reporter-feedback added
#2
@
9 years ago
- Keywords reporter-feedback removed
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
Hi @restonce, welcome to Trac!
Thanks for the report, we're already tracking this issue in #23578.
See comment:2:ticket:23420 for a workaround.
#3
@
9 years ago
Thanks for you ! @swissspidy and @SergeyBiryukov .
I readed the above issue and I will chose the http://pastebin.com/ni7rs384 to fix it.
Hi there, welcome to trac!
These brackets were added intentionally in #14140.
The link works fine in Gmail for me. Perhaps a plugin sets the email mime type to
text/html
? That will break this. See #23578 and #21095.