WordPress.org

Make WordPress Core

Opened 3 years ago

Last modified 4 months ago

#38897 new defect (bug) (duplicate)

user_email with & (ampersand) being encoded within the database making notifications fail

Reported by: garrett-eclipse Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.6.1
Component: Users Keywords:
Focuses: Cc:

Description (last modified by garrett-eclipse)

Hello,

It seems WordPress does some encoding on the email field which causes issues as the encoded email is stored in the database and causes notifications to fail as it's no longer a valid email.

The specific email i noticed this with had an ampersand (&) within the email, the following is a bogus one to illustrate;
johnny&joey@…

This is apparently a valid email according to telus.net (as the email exists there, not that exact one of course) and according to IETF Trust as shown in this stack overflow answer;
http://stackoverflow.com/a/2049510

Anyway, if you register a user with an email containing & it will encode it into the database and fail to deliver the password notification.

The following should NOT be encoded;
"Characters ! # $ % & ' * + - / = ? _ ` { | } ~
Character . (dot, period, full stop) provided that it is not the first or last character, and provided also that it does not appear two or more times consecutively."

Thank you

Change History (1)

#2 @garrett-eclipse
7 months ago

  • Description modified (diff)
  • Resolution set to duplicate

I was going to reopen this but found there's an older ticket with an existing patch that was also closed in the mass closure so marking this a duplicate of #16788 and re-opening it.

Note: See TracTickets for help on using tickets.