Make WordPress Core

Opened 15 months ago

Last modified 15 months ago

#40249 new defect (bug)

period as last character in username breaks activation link

Reported by: ilikewordpress
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 4.7.3
Component: Login and Registration
Keywords:
Focuses:
Cc:

Description

Many browsers and mail clients convert text URLs to clickable links.

If a user chooses a username with a period at the end, the activation link in the mail could be incorrect, because the mail client thinks the period is a punctuation character.

See this (non-working) URL for an example: https://www.domain.de/wp-login.php?action=rp&key=XXXXXX&user=ballspieler96.

The period at the end is part of the username but not part of the URL.

Fix: Don't use the username as the last parameter. Instead use a defined parameter, which won't have periods as value (i.e. "action" or "key").
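The behaviour described in this ticket, as an added example that is not part of the ticket or of WordPress code: a constructed stand-in for a mail client's autolinker strips trailing punctuation, and the username the server receives is compared for both parameter orders. The host `example.test`, the function names and the autolinker rule are assumptions; the key is assumed to be alphanumeric.

```python
import re
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed stand-in for a mail client's autolinker: take the run of
# non-space characters after the scheme, then drop trailing sentence
# punctuation so "Visit https://a.test/." does not link the final dot.
URL_RE = re.compile(r"https?://[^\s<>\"]+")
TRAILING_PUNCTUATION = ".,;:!?)"

def autolink(text):
    """Return the URL the autolinker would make clickable, or None."""
    match = URL_RE.search(text)
    return match.group(0).rstrip(TRAILING_PUNCTUATION) if match else None

def build_link(user, key, user_last):
    """Build the reset link with the username last (as in the ticket) or before the key."""
    params = [("action", "rp"), ("key", key), ("user", user)]
    if not user_last:
        params = [("action", "rp"), ("user", user), ("key", key)]
    # urlencode leaves "." untouched: it is an unreserved URL character,
    # so standard encoding alone does not protect the trailing period.
    return "https://example.test/wp-login.php?" + urlencode(params)

def survives_autolink(url):
    """True if the autolinker would link the URL unchanged."""
    return autolink(url) == url

def user_seen_by_server(user, key, user_last):
    """Username the server parses after the user clicks the linked URL."""
    body = "Reset your password here:\n" + build_link(user, key, user_last) + "\n"
    clicked = autolink(body)
    return parse_qs(urlsplit(clicked).query)["user"][0]

if __name__ == "__main__":
    # Constructed sample values, taken from the shape of the URL in the ticket.
    for user_last in (True, False):
        url = build_link("ballspieler96.", "XXXXXX", user_last)
        print(url)
        print("  linked unchanged:", survives_autolink(url))
        print("  server sees user:", user_seen_by_server("ballspieler96.", "XXXXXX", user_last))
```

`survives_autolink` can serve as a regression check on generated mail links: any link that fails it depends on the recipient's client to keep its last character.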

Change History (1)

#1 @ilikewordpress
15 months ago

  • Type changed from enhancement to defect (bug)