#49392 closed defect (bug) (invalid)
wp_check_password is broken and give result false if there is ampersand (&) character on password
Reported by: | nariyanto | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Users | Keywords: | |
Focuses: | Cc: |
Description
While testing change password method that uses wp_check_password where I was passing in a correct current password and password combination. Here are the steps to replicate this issues:
- Now try to change the newest password to
k)176p*nFXA8Qk&@mb6cI8(b
- try to check password using wp_check_password() method, with current password contain ampersand (&) character.
- Observe
Change History (5)
#3
@
5 years ago
- Resolution set to invalid
- Status changed from new to closed
Hi @bookdude13 ,
Thanks for the reply and investigation. I test and debug on our plugins and have double check it. I found that &
character is converted to &
before wp_check_password()
function called.
Now the issue is solved, you may closed this ticket.
Regards,
Septiyan
Note: See
TracTickets for help on using
tickets.
@nariyanto Thanks for the ticket!
I am unable to reproduce this when changing a different user's password, changing my own, or doing a password reset for me. I am able to set it to your provided password and login with it just fine.
How were you testing when you saw this behavior? Was this a unit test or something similar?