WordPress.org

Make WordPress Core

Opened 14 months ago

Closed 14 months ago

Last modified 14 months ago

#23488 closed defect (bug) (duplicate)

WordPress incorrectly escapes passwords when emailing to new users

Reported by: bklang Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.8
Component: Users Keywords:
Focuses: Cc:

Description

I created a new user account today whose password contained a single-quote ( ' ). When the new user received the password it was escaped with a backslash ( \' ). This caused him to be unable to log in, not knowing he should remove the backslash.

Passwords sent to users should not be escaped.

Change History (6)

comment:1 SergeyBiryukov14 months ago

  • Component changed from General to Users
  • Milestone changed from Awaiting Review to 3.6
  • Resolution set to fixed
  • Status changed from new to closed
  • Version changed from 3.5.1 to 2.8

Reproduced in 3.5.1. Also reproduced in 2.8, where "Send this password..." checkbox was added ([11319]), using '123' (including quotes) as a password.

Could not reproduce in current trunk, appears to be fixed in [23416].

comment:2 markoheijnen14 months ago

Shouldn't this ticket still be open to consider it for 3.5.2?

comment:3 SergeyBiryukov14 months ago

I guess it could be considered for 3.5.2 if it was a regression in 3.5.

comment:4 nacin14 months ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Let's leave this open as [23416] isn't quite settled yet.

comment:5 hakre14 months ago

  • Resolution set to duplicate
  • Status changed from reopened to closed

This is a duplicate of: #17018 - And yes I hope, too that with/after [23416] it's even more easy to fix ;)

Last edited 14 months ago by hakre (previous) (diff)

comment:6 SergeyBiryukov14 months ago

  • Milestone 3.6 deleted
Note: See TracTickets for help on using tickets.