Password reset links produce invalid keys
|Reported by:||MtDewVirus||Owned by:||ryan|
When using /wp-login.php?action=lostpassword the password reset link received in the email does not work. When clicking on the link, you get "Sorry, that key does not appear to be valid."
Also, some of the characters used in the key aren't treated as part of a link in email (Gmail as an example).
Only http://blog.com/wp-login.php?action=rp&key=yG#S was treated as a link in Gmail and the rest was plain text.
Tested on r7835
Change History (16)
- Milestone set to 2.5.2
- Resolution fixed deleted
- Status changed from closed to reopened
- Version changed from 2.6 to 2.5.1
comment:11 @ryan — 7 years ago
- Owner changed from anonymous to ryan
- Status changed from reopened to new