Password URL dubble question mark (?) parameter

Hello,

I have a problem with the reset password URL. In the site we have the security plugin SolidWP Pro installed and setup a hide backend URL. So the original WordPress URL will not work anymore.

But with that all installed and setup, the passwor reset URL contains double question mark as parameter. As you can see here:
https://domain.com/wp-login.php?itsec-hb-token=securelogin?action=rp&key=123456789abcdefghijk&login=admin

I searched the files in this plugin to search why this is happening. And I found the action, key and login parameter is hard added to the wp_login_url() function. In the following file:
welcome-email-editor/modules/settings/class-settings-output.php on line 177
See code:
$reset_url = wp_login_url() . ‘?action=rp&key=’ . $key . ‘&login=’ . rawurlencode( $user_login );

This can be easily resolved by changing the code to the following:
$wp_login_url = wp_login_url();
$reset_url = add_query_arg(‘action’, ‘rp’, $wp_login_url);
$reset_url = add_query_arg(‘key’, $key, $reset_url);
$reset_url = add_query_arg(‘login’, rawurlencode( $user_login ), $reset_url);

This way of coding is also in the next file:
welcome-email-editor/wp-new-user-notification.php on line 253

THis can also be easily resolved by changing the code to the following:
$network_site_url = network_site_url();
$reset_pass_url = add_query_arg(‘action’, ‘rp’, $network_site_url);
$reset_pass_url = add_query_arg(‘key’, $key, $reset_pass_url);
$reset_pass_url = add_query_arg(‘login’, rawurlencode( $user->user_login ), $reset_pass_url);

There are other ways to solve this issue. But this is one I tested and worked. Can you please make this changes to the plugin? It would solved a big problem and after that the plugin is better compatible with other plugins.

Maybe you can also check other functions within the plugin of this issue and correct them. I only searched for the password reset URL

• This topic was modified 1 month, 2 weeks ago by DODO Internet.