Make WordPress Core

Opened 16 years ago

Closed 16 years ago

Last modified 14 years ago

#8866 closed defect (bug) (fixed)

Unable to create a password with a quote char in it

Reported by: designsimply's profile designsimply Owned by: gavinbrook's profile gavinbrook
Milestone: 2.8 Priority: normal
Severity: normal Version: 2.7
Component: Users Keywords: has-patch tested commit dev-feedback
Focuses: Cc:

Description

When trying to create or edit a password, putting a quote in the password will produce the following error:
ERROR: Passwords may not contain the character "\".

If quotes are allowed in passwords, something is escaping them and that needs to be fixed.

If quotes are not allowed in passwords, then this ticket should be marked as wontfix.

Attachments (1)

patch.diff (748 bytes) - added by gavinbrook 16 years ago.

Download all attachments as: .zip

Change History (15)

#1 @westi
16 years ago

  • Keywords needs-patch added
  • Owner changed from anonymous to westi
  • Status changed from new to assigned
  • Version set to 2.7

#2 @designsimply
16 years ago

Note this happens for single and double quotes.

#3 @gavinbrook
16 years ago

  • Owner changed from westi to gavinbrook
  • Status changed from assigned to new

@gavinbrook
16 years ago

#4 @gavinbrook
16 years ago

  • Keywords has-patch added; needs-patch removed

I've removed the check for "\" in the file. I've tested variations and both single and double quotes work. Also checked for combinations of these and the password appears to be correctly hashed.

#5 @gavinbrook
16 years ago

  • Cc gavinbrook added

#6 @johnbillion
16 years ago

  • Keywords dev-feedback added

Should the backslash check really be removed?

#7 @gavinbrook
16 years ago

I've ran tests and I cannot see why the check was in there in the first place. The quotes appear to be correctly escaped and I can change password/login perfectly every time. Maybe there was a historical reason for it, but I'm not getting an issue on my setup.

#8 @gavinbrook
16 years ago

  • Status changed from new to assigned

#9 @Denis-de-Bernardy
16 years ago

  • Keywords tested commit added

commit? wontfix?

#10 @Denis-de-Bernardy
16 years ago

  • Component changed from General to Users

#11 @ryan
16 years ago

See #1714 for history

#13 @ryan
16 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

The problem was that we were checking for disallowed backslashes on slashed data. Checking after running stripslashes() fixes.

[11292]

#14 @hakre
14 years ago

Related: #17018

Note: See TracTickets for help on using tickets.