id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
13654,Install should NOT use stripslashes on admin password,johanee,dd32,"If you use ', "", \ in the administration password when doing a new install you will not be able to log in.

This is because the new 3.0 install uses stripslashes() on the administator password. 

This would normally be the right thing to do, but unfortunately no other part of the WordPress password handling does so. Login tests against unescaped strings, new user creation and user edit uses the same.

This is unfortunate, but as all WordPress users ever created have \"", \', \\ in their hashed passwords (depending on server configuration I guess) it is probably too painful to change.

Therefore wp-admin/install.php should be changed to not use stripslashes().",defect (bug),closed,normal,3.0,Upgrade/Install,3.0,normal,fixed,,