[wp-trac] [WordPress Trac] #7197: With magic_quotes_gpc on you can't change password to anything with " or ' inside.

WordPress Trac wp-trac at lists.automattic.com
Sat Jun 28 12:20:03 GMT 2008


#7197: With magic_quotes_gpc on you can't change password to anything with " or '
inside.
----------------------------+-----------------------------------------------
 Reporter:  sesee           |       Owner:  anonymous
     Type:  defect          |      Status:  new      
 Priority:  normal          |   Milestone:  2.5.2    
Component:  Administration  |     Version:  2.5.1    
 Severity:  normal          |    Keywords:           
----------------------------+-----------------------------------------------
 If magic_quotes_gpc are on, user cannot change password to something
 having a " or ' inside.
 When submitting, magic_quotes automatically quotes " to \", and user gets
 and error:
 ERROR: Passwords may not contain the character "\".
 Although the password strength hint says:
 Hint: Use upper and lower case characters, numbers and symbols like
 !"?$%^&( in your password.

 So, there are two solutions:
 1. remove '"' from hint which tells that you can use that kind of a
 password
 2. if magic_quotes_gpc are on - stripslahes() the password ( it will be
 hashed anyway, so no harm to the database ).

 Patch for solution #2 included.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/7197>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list