Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 5 years ago

#8866 closed defect (bug) (fixed)

Unable to create a password with a quote char in it

Reported by: designsimply
Owned by: gavinbrook
Milestone: 2.8
Priority: normal
Severity: normal
Version: 2.7
Component: Users
Keywords: has-patch tested commit dev-feedback
Focuses:
Cc:


When trying to create or edit a password, putting a quote in the password will produce the following error:
ERROR: Passwords may not contain the character "\".

If quotes are allowed in passwords, something is escaping them and that needs to be fixed.

If quotes are not allowed in passwords, then this ticket should be marked as wontfix.

Attachments (1)

patch.diff (748 bytes) - added by gavinbrook 7 years ago.


Change History (15)

#1 @westi
7 years ago

  • Keywords needs-patch added
  • Owner changed from anonymous to westi
  • Status changed from new to assigned
  • Version set to 2.7

#2 @designsimply
7 years ago

Note this happens for single and double quotes.

#3 @gavinbrook
7 years ago

  • Owner changed from westi to gavinbrook
  • Status changed from assigned to new

#4 @gavinbrook
7 years ago

  • Keywords has-patch added; needs-patch removed

I've removed the check for "\" in the file. I've tested variations and both single and double quotes work. Also checked for combinations of these and the password appears to be correctly hashed.

#5 @gavinbrook
7 years ago

  • Cc gavinbrook added

#6 @johnbillion
7 years ago

  • Keywords dev-feedback added

Should the backslash check really be removed?

#7 @gavinbrook
7 years ago

I've run tests and I cannot see why the check was in there in the first place. The quotes appear to be correctly escaped and I can change password/login perfectly every time. Maybe there was a historical reason for it, but I'm not getting an issue on my setup.

#8 @gavinbrook
7 years ago

  • Status changed from new to assigned

#9 @Denis-de-Bernardy
7 years ago

  • Keywords tested commit added

commit? wontfix?

#10 @Denis-de-Bernardy
7 years ago

  • Component changed from General to Users

#11 @ryan
7 years ago

See #1714 for history

#13 @ryan
7 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

The problem was that we were checking for disallowed backslashes on slashed data. Checking after running stripslashes() fixes.
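
The ordering problem described in comment #13, as an added example that is not WordPress core code and not part of the ticket: the same backslash check run on slashed input and then on input passed through stripslashes() first. The function names are hypothetical, the passwords are constructed samples, and addslashes() is an assumption standing in for whatever slashed the request data.

```php
<?php
// Added illustration; function names are hypothetical, not WordPress core code.

// Simulates request data arriving already slashed, as comment #13 describes.
// Assumption: addslashes() stands in for the slashing applied upstream.
function simulate_slashed_input(string $raw): string {
    return addslashes($raw);
}

// "Before": the backslash check runs on the slashed value, so any quote
// (escaped to \' or \") is misreported as a backslash in the password.
function validate_password_before(string $slashed): ?string {
    if (strpos($slashed, '\\') !== false) {
        return 'ERROR: Passwords may not contain the character "\\".';
    }
    return null;
}

// "After": undo the slashing first, then check what the user actually typed.
function validate_password_after(string $slashed): ?string {
    $password = stripslashes($slashed);
    if (strpos($password, '\\') !== false) {
        return 'ERROR: Passwords may not contain the character "\\".';
    }
    return null;
}

// Constructed sample passwords.
$samples = [
    'plain'        => 'correcthorse',
    'single quote' => "it's-a-secret",
    'double quote' => 'say"cheese',
    'backslash'    => 'back\\slash',
];

foreach ($samples as $label => $raw) {
    $slashed = simulate_slashed_input($raw);
    printf(
        "%-12s before=%-8s after=%s\n",
        $label,
        validate_password_before($slashed) === null ? 'accepted' : 'rejected',
        validate_password_after($slashed) === null ? 'accepted' : 'rejected'
    );
}
```

Only the plain sample passes the "before" check; with stripslashes() applied first, both quote samples pass and only the password that really contains a backslash is rejected.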


#14 @hakre
5 years ago

Related: #17018
