WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#40294 closed defect (bug) (duplicate)

Activation link and reset password wrong parsing

Reported by: AirFlame Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.7.3
Component: Login and Registration Keywords:
Focuses: Cc:

Description

There is a error parsing a links to a reset password and to a activation link. On some email boxes links display incorrectly.

in wp-login.php

<?php

$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user->user_login), 'login') . ">\r\n\r\n";

And in wp-includes/pluggable.php

<?php
$message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user->user_login), 'login') . ">\r\n\r\n";

Link that is displaying in Polish language. In activation have a '>' and ';' at the end

Nazwa użytkownika: someuser

Aby ustawić hasło, przejdź na stronę:

<http://www.somesite.pl/wp-login.php?action=rp&key=TwBzu7k3q4g3VKonp8FY&login=someuser'''>;

http://www.somesite.pl/wp-login.php

So instead of redirection to link:
http://www.somesite.pl/wp-login.php?action=rp&key=TwBzu7k3q4g3VKonp8FY&login=someuser

it redirect to

http://www.somesite.pl/wp-login.php?action=rp&key=TwBzu7k3q4g3VKonp8FY&login=someuser>

And usre cant activate accont using this link same goes to the restart password because in link this '>' adds.

Please fix.

Change History (10)

#1 @thamaraiselvam
2 years ago

  • Resolution set to worksforme
  • Status changed from new to closed

#2 @thamaraiselvam
2 years ago

@AirFlame Are you using any quotes in the username?

#3 @SergeyBiryukov
2 years ago

  • Milestone Awaiting Review deleted
  • Resolution changed from worksforme to duplicate

Hi @AirFlame, welcome to WordPress Trac! Thanks for the report.

Wrapping URLs in angle brackets is recommended behaviour by both the W3C and in Section C of the URI RFC.

If some email service includes the ending bracket in the link, unfortunately there's not much we can do to fix that.

See comment:2:ticket:23420 for a potential workaround.

Previously: #21095, #23420, #32562.

#4 @AirFlame
2 years ago

  • Resolution duplicate deleted
  • Status changed from closed to reopened

Proof that on some mails this symbols < and > brake activation links and people cant log in because of that. Same goes to change password.

https://youtu.be/5eRq9dtOTGw

Last edited 2 years ago by AirFlame (previous) (diff)

#5 follow-up: @thamaraiselvam
2 years ago

  • Resolution set to duplicate
  • Status changed from reopened to closed

Duplicate of #23420.

@AirFlame It's not something wrong with WordPress code, Please try with other email services like Gmail. I tried in both Gmail and Outlook, it was working for me.

#6 @AirFlame
2 years ago

I will tell people to register on my site with other email services... Thsts briliant idea...
People come to my site and i dont want to force them to use emails that work with wordpress....

Last edited 2 years ago by AirFlame (previous) (diff)

#7 in reply to: ↑ 5 ; follow-up: @AirFlame
2 years ago

Replying to thamaraiselvam:

Duplicate of #23420.

@AirFlame It's not something wrong with WordPress code, Please try with other email services like Gmail. I tried in both Gmail and Outlook, it was working for me.

Try on o2.pl and You will not get normal link just a broken link that dont work because of that > in the code. People are having problems with it like in 5 years now. Do something about this... You want to force people to use gmail or yahoo not the mails that they are using ?

Last edited 2 years ago by AirFlame (previous) (diff)

#8 in reply to: ↑ 7 ; follow-up: @johnbillion
2 years ago

Replying to AirFlame:

Try on o2.pl and You will not get normal link just a broken link that dont work because of that > in the code. People are having problems with it like in 5 years now. Do something about this... You want to force people to use gmail or yahoo not the mails that they are using ?

Yes this is frustrating for you, but this is a bug in the email service provider which is not respecting web standards for URL handling. It's unreasonable to expect software to cater for other software which doesn't respect the most basic of web standards.

In addition, bugs are present when the angle brackets are not in place, hence why they were introduced seven years ago in #14140.

It would be more productive for you to get in touch with the email provider and ask them to correct their bug. The bug will affect all software and services which send emails containing bracket-delimited URLs, not just WordPress.

#9 in reply to: ↑ 8 @AirFlame
2 years ago

Replying to johnbillion:

Replying to AirFlame:

Try on o2.pl and You will not get normal link just a broken link that dont work because of that > in the code. People are having problems with it like in 5 years now. Do something about this... You want to force people to use gmail or yahoo not the mails that they are using ?

Yes this is frustrating for you, but this is a bug in the email service provider which is not respecting web standards for URL handling. It's unreasonable to expect software to cater for other software which doesn't respect the most basic of web standards.

In addition, bugs are present when the angle brackets are not in place, hence why they were introduced seven years ago in #14140.

It would be more productive for you to get in touch with the email provider and ask them to correct their bug. The bug will affect all software and services which send emails containing bracket-delimited URLs, not just WordPress.

I understand but tell me for what hell is that < > ? If it cause problems for users that register to people wordpress ? They loose people because if someone cant register he will go away and never come back to that site. And funny thing is people dont know about this bug. And they are thinking why people register and dont enter and write. The bug cause people ban ips because they think bots are registering, it cause loss of space in db becasue new tables are created all the time. And waste of time for users that try to log in...

#10 @AirFlame
2 years ago

How to hook email content that sends activation link not remember password ?

I do in functions this:

function fix_password_reset_link($message) {
        return preg_replace('/<http:\/\/(.*)>/', 'http://$1', $message);
}
add_filter( 'retrieve_password_message', 'fix_password_reset_link');

function fix_password_reset_link2($content) {
        return preg_replace('/<http:\/\/(.*)>/', 'http://$1', $content);
}
add_filter( 'wp_mail_original_content', 'fix_password_reset_link2');
Last edited 2 years ago by AirFlame (previous) (diff)
Note: See TracTickets for help on using tickets.