Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Lost Password Redirects to https://wp-login.php/?checkemail=confirm #370

Open
readej opened this issue Oct 9, 2019 · 7 comments

Comments

@readej
Copy link
Contributor

commented Oct 9, 2019

Submitting a valid email / username on this page:
https://www.example.com/wp-login.php?action=lostpassword
Will send an email to the user, but will redirect the user to https://wp-login.php/?checkemail=confirm

Seems to be losing the hostname of the server. This only happens on our production server in Azure, it does not happen on locally run IIS. I'll provide more details later in a follow-up to this.

Just wanted to see if anyone else was experiencing the same issue.

@patrickebates

This comment has been minimized.

Copy link
Member

commented Oct 9, 2019

Is this a single or multisite install?

@readej

This comment has been minimized.

Copy link
Contributor Author

commented Oct 9, 2019

Single site.

@patrickebates

This comment has been minimized.

Copy link
Member

commented Oct 9, 2019

Grasping at straws a bit, but in your wp-config.php is DOMAIN_CURRENT_SITE defined?

If not, might try adding this line
define('DOMAIN_CURRENT_SITE', 'www.example.com');

@readej

This comment has been minimized.

Copy link
Contributor Author

commented Oct 9, 2019

Sorry I made a mistake in my initial report of this problem. I stated that the error did not happen on local IIS. However, that is not true. I'm getting the same problem on the local version as well. It was just that locally it was not allowed to send email and was instead giving the error "The email could not be sent. Possible reason: your host may have disabled the mail() function."

I'm testing more to figure out if I can narrow down when it does not get the hostname. So far I have tried putting in the wp-config.php definitions for DOMAIN_CURRENT_SITE, WP_HOME, WP_SITEURL
I have also deactivate all plugins except one; https://wordpress.org/plugins/wp-mail-smtp/
which is needed to allow emailing the lost password and not getting the above error.

Thank you for your help. Are you able to replicate this issue?

@readej

This comment has been minimized.

Copy link
Contributor Author

commented Oct 10, 2019

Narrowed this down to line 1402 in wp-includes\pluggable.php

$path = dirname( parse_url( 'http://placeholder' . $_SERVER['REQUEST_URI'], PHP_URL_PATH ) . '?' );

dirname on windows returns \ which makes the redirect location /\/wp-login.php?checkemail=confirm which then takes the user to https://wp-login.php/?checkemail=confirm

@patrickebates

This comment has been minimized.

Copy link
Member

commented Oct 10, 2019

This will end up being a bug in WP Core. I'm looking at that line in 5.2.3 and it appears identical.

@readej

This comment has been minimized.

Copy link
Contributor Author

commented Oct 10, 2019

This is my resolution for this issue:

add_filter( 'lostpassword_redirect', 'new_lostpassword_redirect' );

function new_lostpassword_redirect( $lostpassword_redirect ) {
   return '/wp-login.php?checkemail=confirm';
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.