Make WordPress Core

Opened 3 years ago

Last modified 2 years ago

#53339 new defect (bug)

Inconsistency in allowed characters for a password

Reported by: henrywright's profile henry.wright Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Users Keywords:
Focuses: Cc:


When a user attempts to reset his or her password using the facility on the front-end, they are able to use the \ character in their new password.

When a user attempts to change their password at wp-admin > Users > Profile, they aren't able to use the \ character in their password.

This feels like an inconsistency.

Further, I noticed whitespace is stripped from the beginning and end of the password string when using the change password facility at wp-admin > Users > Profile. Note trim() isn't used in the password reset facility on the front-end.

Change History (2)

#1 @SergeyBiryukov
3 years ago

  • Component changed from General to Users
Note: See TracTickets for help on using tickets.