Support » Fixing WordPress » Lost password, invalid key – noticed something

  • Hi there,

    I have noticed something about the lost password/email retrieval that may be a bug or may help out with the number of requests this gets.

    The link sent with the key and user name is surrounded with < and >

    Some email clients are misinterpreting this link and including the > at the end of the user name which in turn kills the database query because the user name does not match.

    I have run a couple of tests changing line 235 of wp-login.php to be:

    $message .= network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . "\r\n";


    $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n";

    This seems to sort the problem out.

    Just wanted to check this here and see whether it looks like a bug?



  • The topic ‘Lost password, invalid key – noticed something’ is closed to new replies.