Make WordPress Core

Opened 13 years ago

Closed 13 years ago

Last modified 11 years ago

#8866 closed defect (bug) (fixed)

Unable to create a password with a quote char in it

Reported by: designsimply Owned by: gavinbrook
Milestone: 2.8 Priority: normal
Severity: normal Version: 2.7
Component: Users Keywords: has-patch tested commit dev-feedback
Focuses: Cc:


When trying to create or edit a password, putting a quote in the password will produce the following error:
ERROR: Passwords may not contain the character "\".

If quotes are allowed in passwords, something is escaping them and that needs to be fixed.

If quotes are not allowed in passwords, then this ticket should be marked as wontfix.

Attachments (1)

patch.diff (748 bytes) - added by gavinbrook 13 years ago.

Download all attachments as: .zip

Change History (15)

#1 @westi
13 years ago

  • Keywords needs-patch added
  • Owner changed from anonymous to westi
  • Status changed from new to assigned
  • Version set to 2.7

#2 @designsimply
13 years ago

Note this happens for single and double quotes.

#3 @gavinbrook
13 years ago

  • Owner changed from westi to gavinbrook
  • Status changed from assigned to new

13 years ago

#4 @gavinbrook
13 years ago

  • Keywords has-patch added; needs-patch removed

I've removed the check for "\" in the file. I've tested variations and both single and double quotes work. Also checked for combinations of these and the password appears to be correctly hashed.

#5 @gavinbrook
13 years ago

  • Cc gavinbrook added

#6 @johnbillion
13 years ago

  • Keywords dev-feedback added

Should the backslash check really be removed?

#7 @gavinbrook
13 years ago

I've ran tests and I cannot see why the check was in there in the first place. The quotes appear to be correctly escaped and I can change password/login perfectly every time. Maybe there was a historical reason for it, but I'm not getting an issue on my setup.

#8 @gavinbrook
13 years ago

  • Status changed from new to assigned

#9 @Denis-de-Bernardy
13 years ago

  • Keywords tested commit added

commit? wontfix?

#10 @Denis-de-Bernardy
13 years ago

  • Component changed from General to Users

#11 @ryan
13 years ago

See #1714 for history

#13 @ryan
13 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

The problem was that we were checking for disallowed backslashes on slashed data. Checking after running stripslashes() fixes.


#14 @hakre
11 years ago

Related: #17018

Note: See TracTickets for help on using tickets.