Make WordPress Core

Opened 8 years ago

Last modified 8 years ago

#40249 new defect (bug)

period as last character in username breaks activation link

Reported by: ilikewordpress's profile ilikewordpress Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.7.3
Component: Login and Registration Keywords:
Focuses: Cc:

Description

Many browsers and mail clients are converting text-URLs to clickable links.

If a user chooses an username with a period at the end, the activation link in the mail could be incorrect, because the mail client thinks, the period is a punctuation character.

See this (non-working) URL for an example:
https://www.domain.de/wp-login.php?action=rp&key=XXXXXX&user=ballspieler96.

The period at the end is part of the username but not part of the URL.

Fix:
Don't use the username as last parameter. Instead use a defined parameter, which won't have periods as value (i.e. 2action" or "key")

Change History (1)

#1 @ilikewordpress
8 years ago

  • Type changed from enhancement to defect (bug)
Note: See TracTickets for help on using tickets.