[wp-trac] [WordPress Trac] #23494: impossible to log in with password containing leading or trailing spaces
WordPress Trac
noreply at wordpress.org
Tue Aug 6 17:16:29 UTC 2013
#23494: impossible to log in with password containing leading or trailing spaces
-------------------------------------+-----------------------
Reporter: mich1 | Owner: westi
Type: defect (bug) | Status: reopened
Priority: high | Milestone: 3.6
Component: Users | Version: 2.5
Severity: major | Resolution:
Keywords: needs-patch 2nd-opinion |
-------------------------------------+-----------------------
Changes (by rpattillo):
* status: closed => reopened
* resolution: fixed =>
Comment:
This does not appear to be completely fixed in 3.6. The error can still be
reproduced by a user changing his or her password via Edit Profile.
Not all changes to a user's password go through wp_set_password, which is
where the trim() call was added before passing the plain text password to
wp_hash_password. In wp-includes/user.php, inside both wp_insert_user()
and wp_update_user(), the plain text value is sent to wp_hash_password
without being sent through trim() first.
It appears to me that the call to trim() should be moved to
wp_hash_password() to insure it is used consistently:
{{{
return $wp_hasher->HashPassword($password);
}}}
modified to be:
{{{
return $wp_hasher->HashPassword( trim( $password ) );
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/23494#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list