[wp-trac] [WordPress Trac] #25350: Make URL parameter for activation key parameter filterable
WordPress Trac
noreply at wordpress.org
Wed Sep 18 18:51:52 UTC 2013
#25350: Make URL parameter for activation key parameter filterable
--------------------------+-----------------------------
Reporter: boonebgorges | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Multisite | Version:
Severity: normal | Keywords: has-patch
--------------------------+-----------------------------
The Office 365 email service (perhaps among others? Who knows what lurks
out there?) filters all outgoing links, for security purposes. Among its
security restrictions is that emailed links with URL parameters containing
the string 'key' are forbidden; clicking them leads to an error. This
includes links of the form http://example.com/wp-activate.php?key=12345,
the link format used when sending activation emails in multisite. The
result is that users cannot click the link to activate their accounts -
and, in fact, they can't even copy and paste it in normal ways, because
Microsoft masks the link (ugh).
This is an annoying problem that is in no way WordPress's fault. However,
it causes severe problems in places where WP is used and Office 365 use is
required, such as some universities. And, while it's easy to fix the text
of the outgoing email using the notification filters in ms-functions.php,
it's very difficult to modify the way that wp-activate.php works without
resorting to the hackiest of hacks.
As a lightweight and backward compatibile workaround, I'm suggesting that
the 'key' parameter be filterable. Patch attached, which abstracts the
parameter into a filter wrapper. Not the most elegant thing in the world,
but we are dealing with a problem of mammoth stupidity in the first place.
Thanks for considering.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25350>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list