trim() Passwords and Logins

[sc0ttkclark]

I'm putting this ticket up to discuss the addition of the trim() function in the wp_signon and related functions so that in the event you are copying/pasting from an e-mail program or browser and there is whitespace - your login won't fail.

So, the trim() would need to be in a number of places, but specifically when signing in, when adding a user, and when changing a password.

Thoughts? Stones?

[travisnorthcutt]

Seems logical, but is this a common enough complaint/problem to warrant 'fixing' it?

[sc0ttkclark]

I think, instead, we should be thinking of cases in which it is not a good idea to trim() these values.

[hakre]

From what I know, it get's already trimmed. Please check, but I copied over usernames and passwords containing whitespaces around so often in support and never run into any problems.

I'm pretty sure what you ask for is already the standard behavior. Please verify.

[johnbillion]

As Hakre points out, this is the current behaviour.

See wp_authenticate() in wp-includes/pluggable.php'. The password is trimmed there, and sanitize_user()` takes care of trimming the username.

[sc0ttkclark]

I'm wondering why this isn't done in wp_signon specifically to the value before it's passed through for consistency instead of requiring functions hooking into it to trim it each time?

[hakre]

Well as you're talking about code, trim the value before you pass it to the function. If you're really interested to add this into core, please provide a patch.