Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#54025 closed defect (bug) (duplicate)

Issue in retrieve_password function (file - wp-includes/user.php )

Reported by: parambir's profile parambir Owned by:
Milestone: Priority: normal
Severity: critical Version:
Component: Users Keywords:
Focuses: Cc:

Description

Heu guys,

There is an issue when we click on "Send Reset Link" from the edit user in the wp-admin panel.

This issue is coming from function "retrieve_password" (file location - wp-includes/user.php).

<?php
if ( empty( $user_login ) ) {
        $errors->add( 'empty_username', __( '<strong>Error</strong>: Please enter a username or email address.' ) );
} elseif ( strpos( $user_login, '@' ) ) {
        $user_data = get_user_by( 'email', trim( wp_unslash( $user_login ) ) );
        if ( empty( $user_data ) ) {                                
            $errors->add( 'invalid_email', __( '<strong>Error</strong>: There is no account with that username or email address.' ) );
            
        }
} else {
        $user_data = get_user_by( 'login', trim( wp_unslash( $user_login ) ) );
}

If you can check this function, in elseif condition you check @ in $user_login, If it is found, then you guys take it as an email and if the record is not found then the error comes "There is no account with that username or email address".

Suppose our username is support@… and email is info@…. When function 'retrieve_password' will run, it will serve elseif condition and there you check username "support@…" with an email get_user_by( 'email', trim( wp_unslash( $user_login ) ) ).
It will return an error, as actually, support@… is the username.

I found this bug, while one of our customers has a different email from username and his username has character @.
Due to this, I was not able to send him the password reset link. For now, I fixed this in our core files and hope you guys will fix it in the coming version.

Thanks

Change History (3)

#1 @SergeyBiryukov
3 years ago

  • Component changed from General to Users

#2 @SergeyBiryukov
3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi there, welcome to WordPress Trac!

Thanks for the report, we're already tracking this issue in #22367.

#3 @parambir
3 years ago

OK thanks

Note: See TracTickets for help on using tickets.