#7192 closed defect (bug) (duplicate)
Password recovery key must not contain hash # character
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | blocker | Version: | 2.5.1 |
Component: | Administration | Keywords: | |
Focuses: | Cc: |
Description
On a site where I was registered, I tried to retrieve a new password. The activation URL was like:
http://example.com/wp-login.php?action=rp&key=J#wi7fuQw8H
When calling the URL, the WP install told me the key was invalid -- obviously, because the hash and the part thereafter are not sent to the server, but are interpreted as anchor. Encoding the hash as %23 didn't help neither; I assume this is because the respective function does not urldecode() the key.
Change History (2)
Note: See
TracTickets for help on using
tickets.
see #6842