Opened 3 years ago
Last modified 6 months ago
#54685 new defect (bug)
Admin email verification redirects back to login page
Reported by: | golenkovm | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 5.8.1 |
Component: | Login and Registration | Keywords: | has-patch |
Focuses: | administration | Cc: |
Description
Hi everyone,
Recently, our admins started to getting Administration email confirmation
on logon. However, after clicking on This email is correct
admins are redirected back to login page and asked to login again. We've tried many times and it's an infinite loop of logging in, confirming email address, redirecting back to login page, logging in, confirming email addres, redirecting to login page and so on.
We use login URL configured on the /wp-admin/options-general.php?page=move-login page and it seems like WP doesn't properly handle admin email confirmation when login URL is set. I had a look at the codebase and I believe this ?action=confirm_admin_email
string parameter gets lost when webserver redirects wp-login.php
to configured login page: https://github.com/WordPress/WordPress/blob/b788e6255a97dbdd1dc55d42f8fbeeb66c806214/wp-login.php#L623
I added one more hidden input same way as redirect_to
is implemented https://github.com/WordPress/WordPress/blob/b788e6255a97dbdd1dc55d42f8fbeeb66c806214/wp-login.php#L635 and this fixed the issue.
I'm happy to attach a patch file.
Kind regards,
Mikhail Golenkov
Attachments (1)
Change History (5)
#2
@
3 years ago
After having another look I'd like to add that .htaccess
has the following line:
RewriteRule ^client-adminlogin/?$ wp-login.php [QSA,L]
However, HTML form still doesn't have ?action=confirm_admin_email
added to the action URL:
<form class="admin-email-confirm-form" name="admin-email-confirm-form" action="https://client-wordpress/client-adminlogin" method="post">
Perhaps, it's just a configuration issue and the patch is not needed. If so, please feel free to let me know what should be done to pass ?action=confirm_admin_email
to the action URL.
Cheers,
Mikhail Golenkov
#3
in reply to:
↑ description
@
3 years ago
Hi there, welcome to WordPress Trac! Thanks for the ticket.
Replying to golenkovm:
We use login URL configured on the /wp-admin/options-general.php?page=move-login page and it seems like WP doesn't properly handle admin email confirmation when login URL is set.
Just noting that the Move Login page is not a part of WordPress core and appears to be created by a plugin, most likely Move Login (last updated 5 years ago). So at a glance, this does seem like either a configuration issue or something that the plugin would need to be updated to support.
The current URL appears to be more consistent with other form action URLs in wp-login.php
:
wp-login.php?action=confirm_admin_email
wp-login.php?action=lostpassword
wp-login.php?action=resetpass
wp-login.php?action=register
Patch for the ticket