[wp-trac] [WordPress Trac] #40249: period as last character in username breaks activation link

WordPress Trac noreply at wordpress.org
Fri Mar 24 10:38:46 UTC 2017


#40249: period as last character in username breaks activation link
------------------------------------+-----------------------------
 Reporter:  ilikewordpress          |      Owner:
     Type:  enhancement             |     Status:  new
 Priority:  normal                  |  Milestone:  Awaiting Review
Component:  Login and Registration  |    Version:  4.7.3
 Severity:  normal                  |   Keywords:
  Focuses:                          |
------------------------------------+-----------------------------
 Many browsers and mail clients are converting text-URLs to clickable
 links.

 If a user chooses an username with a period at the end, the activation
 link in the mail could be incorrect, because the mail client thinks, the
 period is a punctuation character.

 See this (non-working) URL for an example:
 https://www.domain.de/wp-
 login.php?action=rp&key=XXXXXX&user=ballspieler96.

 The period at the end is part of the username but not part of the URL.

 Fix:
 Don't use the username as last parameter. Instead use a defined parameter,
 which won't have periods as value (i.e. 2action" or "key")

--
Ticket URL: <https://core.trac.wordpress.org/ticket/40249>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list