WordPress.org

Make WordPress Core

Opened 2 months ago

Last modified 7 weeks ago

#53634 new defect (bug)

Editing user in Dashboard and using "Send Reset Link " broken by retrieve_password()

Reported by: boblindner Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.7.2
Component: Users Keywords: has-patch
Focuses: Cc:

Description

If you change the email of a user created with the username of an email address you are unable to send a reset link because retrieve_password() in wp-includes/user.php mistakenly thinks the username is an email address for a user (because it contains an @) so you get:

Error: There is no account with that username or email address.

Steps to reproduce:

  • make a user with the same username AND email address. e.g. foo(@)example.com
  • edit that user and change the email address (username not editable) to the email address. e.g. bar(@)example.com and save user
  • Try to use the “Send Reset Link” button while editing that user again (/wp-admin/user-edit.php)

I think this is happening because the call to retrieve_password() passes in the username and retrieve_password() mistakenly believes everything with an "@" in must be an email address.

Change History (2)

This ticket was mentioned in PR #1536 on WordPress/wordpress-develop by donmhico.


7 weeks ago

  • Keywords has-patch added

This PR takes into account that username can have @ char.

For backward-compatibility, we are still sending the WP_Error with error message invalid_email if the passed user login has @ character and no user data was found.

Trac ticket: https://core.trac.wordpress.org/ticket/53634

This ticket was mentioned in PR #1536 on WordPress/wordpress-develop by donmhico.


7 weeks ago

This PR takes into account that username can have @ char.

For backward-compatibility, we are still sending the WP_Error with error message invalid_email if the passed user login has @ character and no user data was found.

Trac ticket: https://core.trac.wordpress.org/ticket/53634

Note: See TracTickets for help on using tickets.