#54025 closed defect (bug) (duplicate)
Issue in retrieve_password function (file - wp-includes/user.php )
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | critical | Version: | |
Component: | Users | Keywords: | |
Focuses: | Cc: |
Description
Heu guys,
There is an issue when we click on "Send Reset Link" from the edit user in the wp-admin panel.
This issue is coming from function "retrieve_password" (file location - wp-includes/user.php).
<?php if ( empty( $user_login ) ) { $errors->add( 'empty_username', __( '<strong>Error</strong>: Please enter a username or email address.' ) ); } elseif ( strpos( $user_login, '@' ) ) { $user_data = get_user_by( 'email', trim( wp_unslash( $user_login ) ) ); if ( empty( $user_data ) ) { $errors->add( 'invalid_email', __( '<strong>Error</strong>: There is no account with that username or email address.' ) ); } } else { $user_data = get_user_by( 'login', trim( wp_unslash( $user_login ) ) ); }
If you can check this function, in elseif condition you check @ in $user_login, If it is found, then you guys take it as an email and if the record is not found then the error comes "There is no account with that username or email address".
Suppose our username is support@… and email is info@…. When function 'retrieve_password' will run, it will serve elseif condition and there you check username "support@…" with an email get_user_by( 'email', trim( wp_unslash( $user_login ) ) ).
It will return an error, as actually, support@… is the username.
I found this bug, while one of our customers has a different email from username and his username has character @.
Due to this, I was not able to send him the password reset link. For now, I fixed this in our core files and hope you guys will fix it in the coming version.
Thanks
Hi there, welcome to WordPress Trac!
Thanks for the report, we're already tracking this issue in #22367.