Bug with password regeneration

  • Resolved fouad.z

    (@fouadz)


    7 years, 3 months ago

    Hi i found a bug when a user try to restore his password, when clicking on the link to regenerate the password we are redirected with the password in the url … what happened if the password has an # ? When the generated password has is composed with a # the rest of the password is not filled in the input, so it s clearly a bad thing

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter fouad.z

    (@fouadz)

    Corrected on clean-login.php line 575

    replace

    
$url = esc_url( add_query_arg( 'pass', $new_password, $url ) );

    by

    
$url = esc_url( add_query_arg( 'pass', urlencode($new_password), $url ) );
    Plugin Author Alberto Hornero

    (@hornero)

    Hi @fouadz, thanks for reporting it and also for the solution. I’ve already updated it, including your credits as well. Thanks.

    Alberto.

    Thread Starter fouad.z

    (@fouadz)

    Thank you

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Bug with password regeneration’ is closed to new replies.