Make WordPress Core

Opened 17 years ago

Closed 17 years ago

Last modified 17 years ago

#7192 closed defect (bug) (duplicate)

Password recovery key must not contain hash # character

Reported by: mastermind's profile mastermind Owned by:
Milestone: Priority: normal
Severity: blocker Version: 2.5.1
Component: Administration Keywords:
Focuses: Cc:

Description

On a site where I was registered, I tried to retrieve a new password. The activation URL was like:

http://example.com/wp-login.php?action=rp&key=J#wi7fuQw8H

When calling the URL, the WP install told me the key was invalid -- obviously, because the hash and the part thereafter are not sent to the server, but are interpreted as anchor. Encoding the hash as %23 didn't help neither; I assume this is because the respective function does not urldecode() the key.

Change History (2)

#1 @DD32
17 years ago

  • Resolution set to duplicate
  • Status changed from new to closed

see #6842

#2 @thee17
17 years ago

  • Milestone 2.6 deleted
Note: See TracTickets for help on using tickets.