WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 6 years ago

Last modified 4 years ago

#8866 closed defect (bug) (fixed)

Unable to create a password with a quote char in it

Reported by: designsimply Owned by: gavinbrook
Milestone: 2.8 Priority: normal
Severity: normal Version: 2.7
Component: Users Keywords: has-patch tested commit dev-feedback
Focuses: Cc:

Description

When trying to create or edit a password, putting a quote in the password will produce the following error:
ERROR: Passwords may not contain the character "\".

If quotes are allowed in passwords, something is escaping them and that needs to be fixed.

If quotes are not allowed in passwords, then this ticket should be marked as wontfix.

Attachments (1)

patch.diff (748 bytes) - added by gavinbrook 6 years ago.

Download all attachments as: .zip

Change History (15)

comment:1 @westi7 years ago

  • Keywords needs-patch added
  • Owner changed from anonymous to westi
  • Status changed from new to assigned
  • Version set to 2.7

comment:2 @designsimply7 years ago

Note this happens for single and double quotes.

comment:3 @gavinbrook6 years ago

  • Owner changed from westi to gavinbrook
  • Status changed from assigned to new

@gavinbrook6 years ago

comment:4 @gavinbrook6 years ago

  • Keywords has-patch added; needs-patch removed

I've removed the check for "\" in the file. I've tested variations and both single and double quotes work. Also checked for combinations of these and the password appears to be correctly hashed.

comment:5 @gavinbrook6 years ago

  • Cc gavinbrook added

comment:6 @johnbillion6 years ago

  • Keywords dev-feedback added

Should the backslash check really be removed?

comment:7 @gavinbrook6 years ago

I've ran tests and I cannot see why the check was in there in the first place. The quotes appear to be correctly escaped and I can change password/login perfectly every time. Maybe there was a historical reason for it, but I'm not getting an issue on my setup.

comment:8 @gavinbrook6 years ago

  • Status changed from new to assigned

comment:9 @Denis-de-Bernardy6 years ago

  • Keywords tested commit added

commit? wontfix?

comment:10 @Denis-de-Bernardy6 years ago

  • Component changed from General to Users

comment:11 @ryan6 years ago

See #1714 for history

comment:13 @ryan6 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

The problem was that we were checking for disallowed backslashes on slashed data. Checking after running stripslashes() fixes.

[11292]

comment:14 @hakre4 years ago

Related: #17018

Note: See TracTickets for help on using tickets.