Problem when Resetting the Password (Invalid Key) with users that contain spaces
The problem occurs when a user stored in the wp_users table has a user_login field that contains a space, for example “test hello”.
The user correctly requests the password recovery, and receives an email (in HTML format, like the following):
https://www.dominio.es/resetpass/?key=removedbymoderatorforprivacys&login=test%20hello
With a symbol of < at the beginning and another of > at the end (won’t let me paste it here; D)
In the login field, you can see that the character “%20” is inserted between the words test and hello
When clicking the link, an ‘invalidkey’ error occurs
https://www.dominio.es/lostpassword/?error=invalidkey
I’ve also tried to copy the address (without the < and > symbols), and paste it into the browser’s address bar and the result is the same (invalidkey).
This is the URL: https://www.dominio.es/resetpass/?key=removedbymoderator&login=test%20hello
I have investigated a little, and in the process of password recovery, a variable is saved where the user’s name is inside a Cookie
When retrieving the cookie information, within the tml_password_reset_handler function (from the actions.php file line 581 @since 7.0 ), the cookie content is read and in the line
list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
when retrieving the user information from the cookie, in the $rp_login variable it retrieves the value “test+hello” (with a ‘+’ symbol between both words)
In the following line, when trying to retrieve the user “test+hello” from the database (with the function check_password_reset_key), it returns an error, because the user does not exist (in the database it is saved as “test hello”).
$user = check_password_reset_key( $rp_key, $rp_login );
If I replace, with a str_replace, the “+” by “ ”, then it works correctly (before calling the function check_password_reset_key)
$rp_login = str_replace( '+', ' ', $rp_login );
Let’s see if you can help me solve this case
Thank you very much.
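
The mismatch described in the post, as an added example that is not part of the original post or the plugin's code: it packs a login and key into one encoded value and unpacks it with the same `explode()` pattern, under three encoder/decoder pairings. The helper names, the sample user list and the key are constructed, and which pairing the real stack uses is an assumption.

```php
<?php
// Constructed sample data: stands in for user_login values in wp_users.
$users = array( 'test hello', 'admin' );

// Hypothetical helper: pack "login:key" into one encoded cookie value.
function pack_rp_cookie( $login, $key, $encode ) {
    return $encode( $login . ':' . $key );
}

// Hypothetical helper: mirrors the explode() line quoted in the post.
function unpack_rp_cookie( $raw, $decode ) {
    $parts = explode( ':', $decode( $raw ), 2 );
    return 2 === count( $parts ) ? $parts : array( '', '' );
}

// Encoder/decoder pairings to compare (built-in PHP functions).
// Which pairing the real stack applies is an assumption, not taken from the page.
$pairings = array(
    'urlencode / urldecode'       => array( 'urlencode', 'urldecode' ),
    'rawurlencode / rawurldecode' => array( 'rawurlencode', 'rawurldecode' ),
    'urlencode / rawurldecode'    => array( 'urlencode', 'rawurldecode' ), // mismatched pair
);

foreach ( $pairings as $name => $pair ) {
    list( $encode, $decode ) = $pair;

    // 'SAMPLEKEY' is a constructed placeholder, not a real reset key.
    $raw = pack_rp_cookie( 'test hello', 'SAMPLEKEY', $encode );
    list( $rp_login, $rp_key ) = unpack_rp_cookie( $raw, $decode );

    // Exact-match lookup, standing in for the user lookup done by check_password_reset_key().
    $found = in_array( $rp_login, $users, true ) ? 'found' : 'NOT found';
    printf( "%-28s raw=%-26s login=%-14s %s\n", $name, $raw, "'" . $rp_login . "'", $found );
}
```

Only the mismatched pairing yields the “test+hello” value from the post; the two matched pairings return the stored login unchanged. A blanket replacement of “+” with a space after decoding would also rewrite a literal “+” in a login, so the encoder and decoder should agree at the cookie boundary.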