WordPress.org

Make WordPress Core

Opened 8 weeks ago

Last modified 7 weeks ago

#47092 reviewing enhancement

Increase the usefullness of 'random_password' by adding additional parameters

Reported by: roytanck Owned by: SergeyBiryukov
Milestone: 5.3 Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords: has-patch
Focuses: Cc:

Description

In the wp_generate_password function, the output is run through the 'random_password' hook. This allows other functions to modify or replace the generated password. But because the $special_chars and $extra_special_chars parameters are not passed to the hook, any hooked function does not know whether special chars are allowed.

This limits the hooks usefulness, since wp_generate_password is also used to generate tokens that needs to be url-safe. By passing the two extra arguments along in the filter, hooked functions can respects these requirements.

I realize wp_generate_password is a pluggable function, but I feel that using the hook is a much cleaner way to override/improve WP's password suggestions.

Attachments (2)

47092.diff (810 bytes) - added by roytanck 8 weeks ago.
Patch adding $special_chars and $extra_special_chars to the 'random_password' hook.
47092-2.diff (836 bytes) - added by roytanck 8 weeks ago.
This patch adds the $length parameter too. You get the number by using mb_strlen() on the password, but simply providing it makes more sense.

Download all attachments as: .zip

Change History (4)

@roytanck
8 weeks ago

Patch adding $special_chars and $extra_special_chars to the 'random_password' hook.

#1 @roytanck
8 weeks ago

  • Keywords has-patch added

@roytanck
8 weeks ago

This patch adds the $length parameter too. You get the number by using mb_strlen() on the password, but simply providing it makes more sense.

#2 @SergeyBiryukov
7 weeks ago

  • Milestone changed from Awaiting Review to 5.3
  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing
Note: See TracTickets for help on using tickets.