Activation link and reset password wrong parsing

[AirFlame]

There is a error parsing a links to a reset password and to a activation link. On some email boxes links display incorrectly.

in wp-login.php

<?php

$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user->user_login), 'login') . ">\r\n\r\n";

And in wp-includes/pluggable.php

<?php
$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user->user_login), 'login') . ">\r\n\r\n";

Link that is displaying in Polish language. In activation have a '>' and ';' at the end

Nazwa użytkownika: someuser

Aby ustawić hasło, przejdź na stronę:

<​http://www.somesite.pl/wp-login.php?action=rp&key=TwBzu7k3q4g3VKonp8FY&login=someuser'''>;

​http://www.somesite.pl/wp-login.php

So instead of redirection to link:
​http://www.somesite.pl/wp-login.php?action=rp&key=TwBzu7k3q4g3VKonp8FY&login=someuser

it redirect to

​http://www.somesite.pl/wp-login.php?action=rp&key=TwBzu7k3q4g3VKonp8FY&login=someuser>

And usre cant activate accont using this link same goes to the restart password because in link this '>' adds.

Please fix.

[thamaraiselvam]

I tested it and its working fine.

from login.php
<​http://localhost/contribute/wp-login.php?action=rp&key=DkoDq7DpAB8cXrbskKVn&login=selva>

from wp-includes/pluggable.php
<​http://localhost/contribute/wp-login.php?action=rp&key=OklWpiwqVGJrjLm1ofCH&login=thamarai>

[thamaraiselvam]

@AirFlame Are you using any quotes in the username?

[SergeyBiryukov]

Hi @AirFlame, welcome to WordPress Trac! Thanks for the report.

Wrapping URLs in angle brackets is recommended behaviour by both ​the W3C and in ​Section C of the URI RFC.

If some email service includes the ending bracket in the link, unfortunately there's not much we can do to fix that.

See comment:2:ticket:23420 for a potential workaround.

Previously: #21095, #23420, #32562.

[AirFlame]

Proof that on some mails this symbols < and > brake activation links and people cant log in because of that. Same goes to change password.

​https://youtu.be/5eRq9dtOTGw

[thamaraiselvam]

Duplicate of #23420.

@AirFlame It's not something wrong with WordPress code, Please try with other email services like Gmail. I tried in both Gmail and Outlook, it was working for me.

[AirFlame]

I will tell people to register on my site with other email services... Thsts briliant idea...
People come to my site and i dont want to force them to use emails that work with wordpress....

[AirFlame]

Replying to thamaraiselvam:

Duplicate of #23420.

@AirFlame It's not something wrong with WordPress code, Please try with other email services like Gmail. I tried in both Gmail and Outlook, it was working for me.

Try on o2.pl and You will not get normal link just a broken link that dont work because of that > in the code. People are having problems with it like in 5 years now. Do something about this... You want to force people to use gmail or yahoo not the mails that they are using ?

[johnbillion]

Replying to AirFlame:

Try on o2.pl and You will not get normal link just a broken link that dont work because of that > in the code. People are having problems with it like in 5 years now. Do something about this... You want to force people to use gmail or yahoo not the mails that they are using ?

Yes this is frustrating for you, but this is a bug in the email service provider which is not respecting web standards for URL handling. It's unreasonable to expect software to cater for other software which doesn't respect the most basic of web standards.

In addition, bugs are present when the angle brackets are not in place, hence why they were introduced seven years ago in #14140.

It would be more productive for you to get in touch with the email provider and ask them to correct their bug. The bug will affect all software and services which send emails containing bracket-delimited URLs, not just WordPress.

[AirFlame]

Replying to johnbillion:

Replying to AirFlame:

Try on o2.pl and You will not get normal link just a broken link that dont work because of that > in the code. People are having problems with it like in 5 years now. Do something about this... You want to force people to use gmail or yahoo not the mails that they are using ?

Yes this is frustrating for you, but this is a bug in the email service provider which is not respecting web standards for URL handling. It's unreasonable to expect software to cater for other software which doesn't respect the most basic of web standards.

In addition, bugs are present when the angle brackets are not in place, hence why they were introduced seven years ago in #14140.

It would be more productive for you to get in touch with the email provider and ask them to correct their bug. The bug will affect all software and services which send emails containing bracket-delimited URLs, not just WordPress.

I understand but tell me for what hell is that < > ? If it cause problems for users that register to people wordpress ? They loose people because if someone cant register he will go away and never come back to that site. And funny thing is people dont know about this bug. And they are thinking why people register and dont enter and write. The bug cause people ban ips because they think bots are registering, it cause loss of space in db becasue new tables are created all the time. And waste of time for users that try to log in...

[AirFlame]

How to hook email content that sends activation link not remember password ?

I do in functions this:

function fix_password_reset_link($message) {
        return preg_replace('/<http:\/\/(.*)>/', 'http://$1', $message);
}
add_filter( 'retrieve_password_message', 'fix_password_reset_link');

function fix_password_reset_link2($content) {
        return preg_replace('/<http:\/\/(.*)>/', 'http://$1', $content);
}
add_filter( 'wp_mail_original_content', 'fix_password_reset_link2');