Opened 3 years ago
Last modified 2 years ago
#55413 new defect (bug)
on user save apostrophes cause wp_mail error
Reported by: | dg12345 | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 5.9.2 |
Component: | Users | Keywords: | needs-patch |
Focuses: | administration | Cc: |
Description
This is a follow-up to #18039.
On user save from the admin the input is not unslashed and so the
- wordpress thinks that the email has changed, has it is compared against a unslashed value
- it uses the slashed input which isn't a valid email address to send the email was changed message
Can we unslash the email input in the wp_insert_user and wp_update_user functions
Note: See
TracTickets for help on using
tickets.
This also affects password resets for emails with apostrophes. get_password_reset_key calls wp_update_user with the new user_activation_key. However the call to add_magic_quotes in wp_update_user results in a slash being added to the email and then, when wp_update_user calls wp_insert_user, the $user_email !== $old_user_data->user_email therefore the user_activation_key is cleared, so the link with the user_activation_key sent to the user will not work.