Make WordPress Core

Opened 15 years ago

Closed 15 years ago

Last modified 13 years ago

#8866 closed defect (bug) (fixed)

Unable to create a password with a quote char in it

Reported by: designsimply's profile designsimply Owned by: gavinbrook's profile gavinbrook
Milestone: 2.8 Priority: normal
Severity: normal Version: 2.7
Component: Users Keywords: has-patch tested commit dev-feedback
Focuses: Cc:


When trying to create or edit a password, putting a quote in the password will produce the following error:
ERROR: Passwords may not contain the character "\".

If quotes are allowed in passwords, something is escaping them and that needs to be fixed.

If quotes are not allowed in passwords, then this ticket should be marked as wontfix.

Attachments (1)

patch.diff (748 bytes) - added by gavinbrook 15 years ago.

Download all attachments as: .zip

Change History (15)

#1 @westi
15 years ago

  • Keywords needs-patch added
  • Owner changed from anonymous to westi
  • Status changed from new to assigned
  • Version set to 2.7

#2 @designsimply
15 years ago

Note this happens for single and double quotes.

#3 @gavinbrook
15 years ago

  • Owner changed from westi to gavinbrook
  • Status changed from assigned to new

15 years ago

#4 @gavinbrook
15 years ago

  • Keywords has-patch added; needs-patch removed

I've removed the check for "\" in the file. I've tested variations and both single and double quotes work. Also checked for combinations of these and the password appears to be correctly hashed.

#5 @gavinbrook
15 years ago

  • Cc gavinbrook added

#6 @johnbillion
15 years ago

  • Keywords dev-feedback added

Should the backslash check really be removed?

#7 @gavinbrook
15 years ago

I've ran tests and I cannot see why the check was in there in the first place. The quotes appear to be correctly escaped and I can change password/login perfectly every time. Maybe there was a historical reason for it, but I'm not getting an issue on my setup.

#8 @gavinbrook
15 years ago

  • Status changed from new to assigned

#9 @Denis-de-Bernardy
15 years ago

  • Keywords tested commit added

commit? wontfix?

#10 @Denis-de-Bernardy
15 years ago

  • Component changed from General to Users

#11 @ryan
15 years ago

See #1714 for history

#13 @ryan
15 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

The problem was that we were checking for disallowed backslashes on slashed data. Checking after running stripslashes() fixes.


#14 @hakre
13 years ago

Related: #17018

Note: See TracTickets for help on using tickets.