Context Navigation

← Previous Ticket
Next Ticket →

#10714 closed enhancement (wontfix)

Bail out from password reset for invalid keys

Reported by:	wet	Owned by:
Milestone:		Priority:	normal
Severity:	normal	Version:	2.8.4
Component:	General	Keywords:
Focuses:		Cc:

Description

The key protecting the password reset event is a string of a known length of characters from a known character set.

Nevertheless, on the receiving end WordPress tries to filter out invalid characters from the key despite knowing that these must not be there in the first place.

I suggest to simply refuse working with invalid keys and handle that as an error condition.

Attachments (1)

wp-login-rp-11893.patch (487 bytes) - added by wet 16 years ago.

Download all attachments as: .zip

Change History (2)

@wet
16 years ago

Attachment wp-login-rp-11893.patch added

#1 @nacin
15 years ago

Milestone Unassigned deleted
Resolution set to wontfix
Status changed from new to closed

wp_generate_password() is pluggable, and (as of 3.0) filterable. Best not to muck with this. It works fine as is.

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats:

Make WordPress Core