With magic_quotes_gpc on you can't change password to anything with " or ' inside.
|Reported by:||sesee||Owned by:||anonymous|
If magic_quotes_gpc are on, user cannot change password to something having a " or ' inside.
When submitting, magic_quotes automatically quotes " to \", and user gets and error:
ERROR: Passwords may not contain the character "\".
Although the password strength hint says:
Hint: Use upper and lower case characters, numbers and symbols like !"?$%&( in your password.
So, there are two solutions:
- remove '"' from hint which tells that you can use that kind of a password
- if magic_quotes_gpc are on - stripslahes() the password ( it will be hashed anyway, so no harm to the database ).
Patch for solution #2 included.
Change History (8)
- Keywords needs-patch added; has-patch needs-testing removed