WordPress.org

Make WordPress Core

Opened 2 years ago

Last modified 19 months ago

#34889 new defect (bug)

wp_check_password() and issue with trailing space

Reported by: jperlman Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.1.1
Component: Login and Registration Keywords: has-patch needs-testing needs-unit-tests dev-feedback 2nd-opinion
Focuses: administration Cc:

Description

I have users logging in via wp-login.php and then filling out a custom form with the last field entered being their WordPress password. One specific user can login fine to wp-login.php but when she enters information on the form and her WordPress password, validation fails on wp_check_password(). I realized that her password contains a space at the end.

By creating a brand new user and ensuring it contains a space the bug is evident with the test script I've uploaded.

The version of the production site at the moment is 4.1.1 of where I first saw the bug, but I can reproduce this issue on a brand new WordPress install of 4.3.1 and from the github version currently at 4.5-alpha-35794.

Looks like it's related to but different than ticket

https://core.trac.wordpress.org/ticket/23494

Attachments (2)

password.php (497 bytes) - added by jperlman 2 years ago.
plugable.diff (464 bytes) - added by adrianosilvaferreira 2 years ago.

Download all attachments as: .zip

Change History (7)

@jperlman
2 years ago

#1 @adrianosilvaferreira
2 years ago

I've added trim for $password in wp_check_password.

#2 @adrianosilvaferreira
2 years ago

Sorry for the typo plugable.

#3 @adrianosilvaferreira
2 years ago

  • Keywords has-patch needs-testing needs-unit-tests added

#4 @adrianosilvaferreira
2 years ago

  • Keywords dev-feedback 2nd-opinion added

#5 @tyxla
19 months ago

This was implemented on purpose in #24973. It's arguable whether trailing spaces should be allowed in a password.

Note: See TracTickets for help on using tickets.