Opened 8 years ago
Last modified 8 years ago
#40249 new defect (bug)
period as last character in username breaks activation link
Reported by: | ilikewordpress | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 4.7.3 |
Component: | Login and Registration | Keywords: | |
Focuses: | Cc: |
Description
Many browsers and mail clients are converting text-URLs to clickable links.
If a user chooses an username with a period at the end, the activation link in the mail could be incorrect, because the mail client thinks, the period is a punctuation character.
See this (non-working) URL for an example:
https://www.domain.de/wp-login.php?action=rp&key=XXXXXX&user=ballspieler96.
The period at the end is part of the username but not part of the URL.
Fix:
Don't use the username as last parameter. Instead use a defined parameter, which won't have periods as value (i.e. 2action" or "key")
Note: See
TracTickets for help on using
tickets.