Lost password, invalid key - noticed something (1 post)

  1. demonpengu
    Posted 3 years ago #

    Hi there,

    I have noticed something about the lost password/email retrieval that may be a bug or may help out with the number of requests this gets.

    The link sent with the key and user name is surrounded with < and >

    Some email clients are misinterpreting this link and including the > at the end of the user name which in turn kills the database query because the user name does not match.

    I have run a couple of tests changing line 235 of wp-login.php to be:

    $message .= network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . "\r\n";


    $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";

    This seems to sort the problem out.

    Just wanted to check this here and see whether it looks like a bug?



Topic Closed

This topic has been closed to new replies.

About this Topic