#39720 closed defect (bug) (invalid)
retrieve_password_key returning strings including special characters that in a link is url encoded
Reported by: | dejliglama | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.7.1 |
Component: | Users | Keywords: | close |
Focuses: | Cc: |
Description
The link sent out in mail to create new password sometimes holds characters like $
When clicking the link, that is transformed into %24 (or other possible URL encodings).
The form is loaded niceley, but uppon submitting the form, an "invalid key" error is shown. - rightly so, since they key isn't valid.
The issue is the characters that is used to create the keys.
Change History (4)
Note: See
TracTickets for help on using
tickets.
Thanks for the report, @dejliglama.
The password reset key intentionally does not include special characters such as punctuation. See: https://core.trac.wordpress.org/browser/trunk/src/wp-includes/user.php?rev=39600&marks=2110#L2108 (note that
false
is passed as the second parameter towp_generate_password()
).Are you using a plugin on your site which overrides the password reset process?