Make WordPress Core

Opened 2 years ago

Last modified 21 months ago

#55413 new defect (bug)

on user save apostrophes cause wp_mail error

Reported by: dg12345's profile dg12345 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.9.2
Component: Users Keywords: needs-patch
Focuses: administration Cc:

Description

This is a follow-up to #18039.

On user save from the admin the input is not unslashed and so the

  1. wordpress thinks that the email has changed, has it is compared against a unslashed value
  2. it uses the slashed input which isn't a valid email address to send the email was changed message

Can we unslash the email input in the wp_insert_user and wp_update_user functions

Change History (1)

#1 @thommo
21 months ago

This also affects password resets for emails with apostrophes. get_password_reset_key calls wp_update_user with the new user_activation_key. However the call to add_magic_quotes in wp_update_user results in a slash being added to the email and then, when wp_update_user calls wp_insert_user, the $user_email !== $old_user_data->user_email therefore the user_activation_key is cleared, so the link with the user_activation_key sent to the user will not work.

Note: See TracTickets for help on using tickets.