Reset password link for user with email contained single quote

  • Resolved Ilian

    (@ilianskia)


    1 year, 7 months ago

    Have an issue that is related to WordPress not to any theme or plugin.
    The users with emails that containts single quotes on the email are not able to use reset password function.
    Users with email similar to – test.t’[email protected]
    Can click on Reset password link but when the email with link came to the user mailbox and the user click on reset link when the page is opened it shows the error message- Error:?Your password reset link appears to be invalid. Please request a new link below.
    The issue is only for the users with emails similar to the above.
    Not related to any theme or plugin as i tested with default wp theme.
    Not related to link is expired in real as tested with 10 different emails without single quote on them but the reset link password works for all of them.
    So far tried to do any fix but no success yet.
    Probably is a core WP issue.
    I do test on the site with WP version-WordPress 6.1.1

    Can someone help?

    • This topic was modified 1 year, 7 months ago by Ilian.
Viewing 5 replies - 1 through 5 (of 5 total)

  • Hello @ilianskia

    Looks like the single quote in the email address is not being properly escaped or encoded in the password reset link, which can lead to the URL being incorrectly interpreted by WordPress. Most email service does not accept emails that contains single quotes because of the problem it can introduce.

    To resolve/mitigate this issue, you may want to check the code that generates the reset password link to ensure that it properly handles special characters in email addresses, such as single quotes.

    If you don’t have the technicalities to do this, you might just consider reaching out to the site admin to update the email address on the user account this might be the fastest fix or the site admin can do a manual password reset for them.

    Best regards

    • This reply was modified 1 year, 7 months ago by tarhe.
    • This reply was modified 1 year, 7 months ago by tarhe.
    Thread Starter Ilian

    (@ilianskia)

    Thank you for your reply @obt28
    I understand all you explained but the issue is even when default theme and just 3-4 default plugins are used so its WP core issue.
    Any suggestions to fix in technical way?

    • This reply was modified 1 year, 7 months ago by Ilian.
    • This reply was modified 1 year, 7 months ago by Ilian.
    • This reply was modified 1 year, 7 months ago by Ilian.

    You can check the WordPress code that generates the reset password link to ensure that it properly handles special characters like single quotes for email addresses. This may involve using techniques like URL encoding/escaping to ensure that the link is correctly formed and can be properly interpreted by the WordPress. I found a tutorial here on how to create a WordPress password reset link.

    Another way might be to modify the email validation logic to allow single quotes in email addresses. However, this may be more complex, as it could require changes to multiple parts of the WordPress core files that handles the way email works.

    You’re also welcome to submit a bug report to the WordPress core team from here.

    Regards,

    • This reply was modified 1 year, 7 months ago by tarhe.
    Thread Starter Ilian

    (@ilianskia)

    @obt28 Thanks for your suggestions
    i’ve sent bug ticket to WordPress as its not good to do any changes on the core files.
    Hope they will reply me soon.

    @ilianskia I see you’ve summited a ticket here: https://core.trac.www.ads-software.com/ticket/58003 the core team should take a look as soon as they have the time.

    You can go ahead to mark this ticket as resolved.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Reset password link for user with email contained single quote’ is closed to new replies.

Tags