Make WordPress Core

Opened 5 months ago

Last modified 3 months ago

#61774 reopened defect (bug)

Error 403 while adding ' to last name on user page

Reported by: gazto's profile gazto Owned by:
Milestone: Awaiting Review Priority: normal
Severity: major Version:
Component: Users Keywords: reporter-feedback
Focuses: Cc:

Description

In the user-edit.php page, while adding a ' (apostrophe) and save it, returns 403 forbidden code.

Change History (4)

#1 @deepakrohilla
4 months ago

usernames don't support apostrophes, while fields such as first name, last name, and email addresses do. According to RFC 3696, apostrophes are valid in email addresses as long as they come before the @ symbol. Therefore, I’m not encountering the same issue you are experiencing on user-edit
Can you look and share more detailhttps://i.ibb.co/sFwLzFN/apostrophe-no-iisue.png

#2 @brobken
4 months ago

  • Keywords reporter-feedback added

#3 @brobken
4 months ago

  • Resolution set to invalid
  • Status changed from new to closed

I've tested the input fields for first name and last name on the following possible apostrophe unicodes:

U+0027
U+02BC
U+055A
U+07F4

With all of them I was able to create a new user and modify an existing user.
E-mailaddresses with the above are possible not supported by RFC 3696.

As @deepakrohilla already mentioned, these characters are probably invalid as username.

Last edited 4 months ago by brobken (previous) (diff)

#4 @desrosj
3 months ago

  • Component changed from General to Users
  • Resolution invalid deleted
  • Status changed from closed to reopened

I'm going to reopen this just to allow a bit of time for @gazto to proved more detail.

I'd specifically like to know which field an apostrophe was being added to in order to replicate the error, and if they're able to reproduce on a fresh install of WordPress.

While conversation can always continue on closed tickets, it's best to leave them open to remain on the radar. When closed, they essentially disappear into the archive.

Note: See TracTickets for help on using tickets.