[wp-trac] [WordPress Trac] #7256: lostpassword does not work, ancillary fix

WordPress Trac wp-trac at lists.automattic.com
Mon Jul 7 16:34:53 GMT 2008


#7256: lostpassword does not work, ancillary fix
------------------------+---------------------------------------------------
 Reporter:  jonathan_v  |       Owner:  anonymous
     Type:  defect      |      Status:  new      
 Priority:  normal      |   Milestone:  2.5.2    
Component:  General     |     Version:  2.5.1    
 Severity:  normal      |    Keywords:           
------------------------+---------------------------------------------------
 Several bugfix tickets are addressing the fact that the lost password
 function is broken.

 The cause of the bug is that wp_generate_password uses these chars:
 {{{
 "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()"
 }}}


 while reset_password only uses these:
 {{{
 [^a-z0-9]
 }}}

 I'd like to suggest an ancillary approach to fixing this - to complement
 whatever method is chosen:

 In pluggable.php, I think wp_generate_password should be met with a
 function wp_validate_password.

 Then in reset_password, we replace
 {{{
 $key = preg_replace('/[^a-z0-9]/i', '', $key);
 }}}
 with
 {{{
 $key = wp_validate_password( $key );
 }}}
 Then, the next time someone alters the wp_generate_password function, it
 can be quickly met for validation with unit tests and they'd see the
 'validate_password' function right there.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/7256>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
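
The mismatch and the proposed pairing, as an added example (not WordPress code and not from the ticket author). The `example_*` names and the sample input are constructed; the alphabet and the `preg_replace` pattern are the ones quoted in the ticket.

```php
<?php
// Added example. The example_* names are hypothetical, not WordPress functions.

// One alphabet shared by generator and validator (the string quoted in the ticket).
const EXAMPLE_KEY_CHARS =
    'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()';

function example_generate_key(int $length = 20): string
{
    $max = strlen(EXAMPLE_KEY_CHARS) - 1;
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        $key .= EXAMPLE_KEY_CHARS[random_int(0, $max)]; // CSPRNG-backed index
    }
    return $key;
}

// The filter quoted in the ticket: strips everything except letters and digits.
function example_old_filter(string $key): string
{
    return preg_replace('/[^a-z0-9]/i', '', $key);
}

// Validator built from the same constant, so it cannot drift from the generator.
function example_validate_key(string $key): string
{
    $class = preg_quote(EXAMPLE_KEY_CHARS, '/');
    return preg_replace('/[^' . $class . ']/', '', $key);
}

// Round-trip check of the kind a unit test would make: every generated key
// must survive the filter unchanged, or the stored-key comparison fails.
$oldBroken = 0;
$newBroken = 0;
for ($i = 0; $i < 1000; $i++) {
    $key = example_generate_key();
    $oldBroken += (int) (example_old_filter($key) !== $key);
    $newBroken += (int) (example_validate_key($key) !== $key);
}
printf("old filter altered %d of 1000 keys\n", $oldBroken);
printf("shared-alphabet validator altered %d of 1000 keys\n", $newBroken);

// Constructed input with characters outside the alphabet (quote, angle bracket, space).
var_dump(example_validate_key("aB3!'<x y"));
```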