Make WordPress Core

Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#23488 closed defect (bug) (duplicate)

WordPress incorrectly escapes passwords when emailing to new users

Reported by: bklang's profile bklang Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.8
Component: Users Keywords:
Focuses: Cc:


I created a new user account today whose password contained a single-quote ( ' ). When the new user received the password it was escaped with a backslash ( \' ). This caused him to be unable to log in, not knowing he should remove the backslash.

Passwords sent to users should not be escaped.

Change History (6)

#1 @SergeyBiryukov
11 years ago

  • Component changed from General to Users
  • Milestone changed from Awaiting Review to 3.6
  • Resolution set to fixed
  • Status changed from new to closed
  • Version changed from 3.5.1 to 2.8

Reproduced in 3.5.1. Also reproduced in 2.8, where "Send this password..." checkbox was added ([11319]), using '123' (including quotes) as a password.

Could not reproduce in current trunk, appears to be fixed in [23416].

#2 @markoheijnen
11 years ago

Shouldn't this ticket still be open to consider it for 3.5.2?

#3 @SergeyBiryukov
11 years ago

I guess it could be considered for 3.5.2 if it was a regression in 3.5.

#4 @nacin
11 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Let's leave this open as [23416] isn't quite settled yet.

#5 @hakre
11 years ago

  • Resolution set to duplicate
  • Status changed from reopened to closed

This is a duplicate of: #17018 - And yes I hope, too that with/after [23416] it's even more easy to fix ;)

Last edited 11 years ago by hakre (previous) (diff)

#6 @SergeyBiryukov
11 years ago

  • Milestone 3.6 deleted
Note: See TracTickets for help on using tickets.