WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#7192 closed defect (bug) (duplicate)

Password recovery key must not contain hash # character

Reported by: mastermind Owned by:
Milestone: Priority: normal
Severity: blocker Version: 2.5.1
Component: Administration Keywords:
Focuses: Cc:

Description

On a site where I was registered, I tried to retrieve a new password. The activation URL was like:

http://example.com/wp-login.php?action=rp&key=J#wi7fuQw8H

When calling the URL, the WP install told me the key was invalid -- obviously, because the hash and the part thereafter are not sent to the server, but are interpreted as anchor. Encoding the hash as %23 didn't help neither; I assume this is because the respective function does not urldecode() the key.

Change History (2)

comment:1 DD326 years ago

  • Resolution set to duplicate
  • Status changed from new to closed

see #6842

comment:2 thee176 years ago

  • Milestone 2.6 deleted
Note: See TracTickets for help on using tickets.