#40294 closed defect (bug) (duplicate)
Activation link and reset password wrong parsing
Reported by: | AirFlame | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.7.3 |
Component: | Login and Registration | Keywords: | |
Focuses: | Cc: |
Description
There is a error parsing a links to a reset password and to a activation link. On some email boxes links display incorrectly.
in wp-login.php
<?php $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user->user_login), 'login') . ">\r\n\r\n";
And in wp-includes/pluggable.php
<?php $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user->user_login), 'login') . ">\r\n\r\n";
Link that is displaying in Polish language. In activation have a '>' and ';' at the end
Nazwa użytkownika: someuser
Aby ustawić hasło, przejdź na stronę:
<http://www.somesite.pl/wp-login.php?action=rp&key=TwBzu7k3q4g3VKonp8FY&login=someuser'''>;
http://www.somesite.pl/wp-login.php
So instead of redirection to link:
http://www.somesite.pl/wp-login.php?action=rp&key=TwBzu7k3q4g3VKonp8FY&login=someuser
it redirect to
http://www.somesite.pl/wp-login.php?action=rp&key=TwBzu7k3q4g3VKonp8FY&login=someuser>
And usre cant activate accont using this link same goes to the restart password because in link this '>' adds.
Please fix.
Change History (10)
#3
@
7 years ago
- Milestone Awaiting Review deleted
- Resolution changed from worksforme to duplicate
Hi @AirFlame, welcome to WordPress Trac! Thanks for the report.
Wrapping URLs in angle brackets is recommended behaviour by both the W3C and in Section C of the URI RFC.
If some email service includes the ending bracket in the link, unfortunately there's not much we can do to fix that.
See comment:2:ticket:23420 for a potential workaround.
#4
@
7 years ago
- Resolution duplicate deleted
- Status changed from closed to reopened
Proof that on some mails this symbols < and > brake activation links and people cant log in because of that. Same goes to change password.
#5
follow-up:
↓ 7
@
7 years ago
- Resolution set to duplicate
- Status changed from reopened to closed
Duplicate of #23420.
@AirFlame It's not something wrong with WordPress code, Please try with other email services like Gmail. I tried in both Gmail and Outlook, it was working for me.
#6
@
7 years ago
I will tell people to register on my site with other email services... Thsts briliant idea...
People come to my site and i dont want to force them to use emails that work with wordpress....
#7
in reply to:
↑ 5
;
follow-up:
↓ 8
@
7 years ago
Replying to thamaraiselvam:
Duplicate of #23420.
@AirFlame It's not something wrong with WordPress code, Please try with other email services like Gmail. I tried in both Gmail and Outlook, it was working for me.
Try on o2.pl and You will not get normal link just a broken link that dont work because of that > in the code. People are having problems with it like in 5 years now. Do something about this... You want to force people to use gmail or yahoo not the mails that they are using ?
#8
in reply to:
↑ 7
;
follow-up:
↓ 9
@
7 years ago
Replying to AirFlame:
Try on o2.pl and You will not get normal link just a broken link that dont work because of that > in the code. People are having problems with it like in 5 years now. Do something about this... You want to force people to use gmail or yahoo not the mails that they are using ?
Yes this is frustrating for you, but this is a bug in the email service provider which is not respecting web standards for URL handling. It's unreasonable to expect software to cater for other software which doesn't respect the most basic of web standards.
In addition, bugs are present when the angle brackets are not in place, hence why they were introduced seven years ago in #14140.
It would be more productive for you to get in touch with the email provider and ask them to correct their bug. The bug will affect all software and services which send emails containing bracket-delimited URLs, not just WordPress.
#9
in reply to:
↑ 8
@
7 years ago
Replying to johnbillion:
Replying to AirFlame:
Try on o2.pl and You will not get normal link just a broken link that dont work because of that > in the code. People are having problems with it like in 5 years now. Do something about this... You want to force people to use gmail or yahoo not the mails that they are using ?
Yes this is frustrating for you, but this is a bug in the email service provider which is not respecting web standards for URL handling. It's unreasonable to expect software to cater for other software which doesn't respect the most basic of web standards.
In addition, bugs are present when the angle brackets are not in place, hence why they were introduced seven years ago in #14140.
It would be more productive for you to get in touch with the email provider and ask them to correct their bug. The bug will affect all software and services which send emails containing bracket-delimited URLs, not just WordPress.
I understand but tell me for what hell is that < > ? If it cause problems for users that register to people wordpress ? They loose people because if someone cant register he will go away and never come back to that site. And funny thing is people dont know about this bug. And they are thinking why people register and dont enter and write. The bug cause people ban ips because they think bots are registering, it cause loss of space in db becasue new tables are created all the time. And waste of time for users that try to log in...
#10
@
7 years ago
How to hook email content that sends activation link not remember password ?
I do in functions this:
<?php function fix_password_reset_link($message) { return preg_replace('/<http:\/\/(.*)>/', 'http://$1', $message); } add_filter( 'retrieve_password_message', 'fix_password_reset_link'); function fix_password_reset_link2($content) { return preg_replace('/<http:\/\/(.*)>/', 'http://$1', $content); } add_filter( 'wp_mail_original_content', 'fix_password_reset_link2');
I tested it and its working fine.
from login.php
<http://localhost/contribute/wp-login.php?action=rp&key=DkoDq7DpAB8cXrbskKVn&login=selva>
from wp-includes/pluggable.php
<http://localhost/contribute/wp-login.php?action=rp&key=OklWpiwqVGJrjLm1ofCH&login=thamarai>