Make WordPress Core

Opened 16 years ago

Closed 16 years ago

#8250 closed defect (bug) (worksforme)

Activation Key to be urlencoded in retrieve password mail

Reported by: f00f
Owned by:
Milestone:
Priority: high
Severity: normal
Version: 2.5.1
Component: General
Keywords: has-patch wp-login lost-password retrieve-password
Focuses:
Cc:

Description

Hi,
It happened to one of my users that the activation key mailed to him when he wanted to reset his pwd contained a pound sign (#). The result was that he got an "invalid key" error, because the pound and everything thereafter was not considered part of the key parameter.
Solution: urlencode the key in the link mailed to the users, see patch.

Tested on 2.5.1 and current svn version (close to 2.7)

Attachments (1)

wp-login.php.diff (861 bytes) - added by f00f 16 years ago.
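
The truncation described in the report and the effect of URL-encoding the key, as an added example that is not part of this ticket or its patch. The host, the link shape and the sample keys are constructed, and the cases other than `#` (`&`, `+`, `%`) go beyond what the ticket reports:

```php
<?php
// Added example, not WordPress code. Link shape and sample keys are constructed.

/** Return the "key" value a server would receive when a client requests $url. */
function key_seen_by_server(string $url): ?string
{
    // Everything after "#" is the fragment: clients keep it locally and never
    // send it, and parse_url() splits it off from the query in the same way.
    $query = parse_url($url, PHP_URL_QUERY);
    if ($query === null || $query === false) {
        return null;
    }
    parse_str($query, $params); // decodes %XX and turns "+" into a space
    return isset($params['key']) && is_string($params['key']) ? $params['key'] : null;
}

/** Build the mailed link, with or without encoding the key. */
function reset_link(string $key, bool $encode): string
{
    $base = 'https://example.test/wp-login.php?action=rp&key='; // assumed link shape
    return $base . ($encode ? urlencode($key) : $key);
}

// Constructed keys, each with one character that has a special meaning in a URL,
// plus one plain key as a control.
$samples = ['Ab3#xY9', 'Ab3&xY9', 'Ab3+xY9', 'Ab3%41Y9', 'Ab3xY9'];

foreach ($samples as $key) {
    foreach ([false, true] as $encode) {
        $seen = key_seen_by_server(reset_link($key, $encode));
        printf(
            "%-9s %-8s server sees %-10s %s\n",
            $key,
            $encode ? 'encoded' : 'raw',
            var_export($seen, true),
            hash_equals($key, (string) $seen) ? 'match' : 'MISMATCH ("invalid key")'
        );
    }
}
```

The comparison uses `hash_equals()` so the check on a secret key runs in constant time; that choice belongs to this example and is not something the ticket discusses.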


Change History (4)

@f00f
16 years ago

#1 @mrmist
16 years ago

This should have been fixed as part of #6842

There is some discussion of it there. Believe it was sorted in 2.6.

#2 @DD32
16 years ago

> Believe it was sorted in 2.6.

Should've fixed in 2.5.2 too. However, I believe I may have seen a hash in a created password, so checking the activation key is working correctly should probably be done.

#3 @markjaquith
16 years ago

  • Milestone 2.7 deleted
  • Resolution set to worksforme
  • Status changed from new to closed

Already fixed.
