[wp-trac] [WordPress Trac] #24792: Post/Page password size limitation truncates passwords - is not documented

WordPress Trac noreply at wordpress.org
Wed Jul 17 21:46:51 UTC 2013 

#24792: Post/Page password size limitation truncates passwords - is not documented
-------------------------+-------------------------------------------------
 Reporter:  RayBernard   |      Owner:
     Type:  defect       |     Status:  new
  (bug)                  |  Milestone:  Awaiting Review
 Priority:  normal       |    Version:  3.5
Component:  General      |   Keywords:  post/page-password-protection
 Severity:  normal       |  needs-codex-update
-------------------------+-------------------------------------------------
 In 3.5.1 and 3.5.2 the post/page feature "Visibility: password protected"
 as documented in http://codex.wordpress.org/Using_Password_Protection
 truncates entered passwords at 20 characters. A longer password is
 accepted, and when truncated no notice is provided. Verified with NO
 PLUGINS activated in TwentyTwelve theme.

 Steps to reproduce:
 1. Edit a page (or post).
 2. Edit the default "Visibility: Public" settings for a page or post.
 3. Choose "Password protected" and enter ABCDEFGHIJKLMNOPQRSTUVWXYZ for
 the password, click OK, then Update (or Publish).
 4. View the page, which now has "Protected" status, and enter the full
 password (A through Z). The page redisplays prompting again for password.
 This time enter just the first 20 characters (ABCDEFGHIJKLMNOPQRST). The
 password is accepted and the page displays.
 5. Edit the page again, and edit the "Visibility: Password protected"
 setting. You will see the truncated password. Click in the Password entry
 box and press the down arrow key. You will find two entries: the truncated
 password and the original long password.

 Go to the Codex documentation and view the Password Form Text section. You
 will see example code for adding a filter to replace the default password
 entry form with a custom form. The example password INPUT field contains
 'size="20"' -- but that is a display limitation not an input restriction,
 which would require using 'maxlength="20"'.

 MAXLENGTH
 The maximum number of characters that will be accepted as input. This can
 be greater that specified by SIZE , in which case the field will scroll
 appropriately. The default is unlimited.

 The following post on WordPress Answers states that the limitation is a
 database limitation. See
 http://wordpress.stackexchange.com/questions/55975/how-can-i-increase-the-
 character-limit-for-post-passwords.

 There are hundreds of posts on the Web each year going back to 2008
 stating that the post/page password protection feature was not working. I
 suspect that some of these were due to the 20-character truncation.

 I reported this as a bug because it is a documentation defect. I did not
 wish to confuse things by requesting the capability to enter a longer
 password (new feature request?), or in any way detract from the importance
 of correcting the codex documentation to include this hidden limitation.

 Here are two example documentation changes:

 A. Insert a section titled "Password Size Limitation":

 '''Password Size Limitation'''

 Currently the password is limited to no more than 20 characters. Passwords
 longer than 20 characters will be truncated to 20 characters.

 B. Correct the example code so that it actually limits the character input
 to 20 characters using maxlength. Such as:


 {{{
 function my_password_form() {
     global $post;
     $label = 'pwbox-'.( empty( $post->ID ) ? rand() : $post->ID );
     $o = '<form action="' . esc_url( site_url( 'wp-
 login.php?action=postpass', 'login_post' ) ) . '" method="post">
     ' . __( "To view this protected post, enter the password below:" ) . '
     <label for="' . $label . '">' . __( "Password:" ) . ' </label><input
 name="post_password" id="' . $label . '" type="password" size="20"
 maxlength="20" /><input type="submit" name="Submit" value="' . esc_attr__(
 "Submit" ) . '" />
     </form>
     ';
     return $o;
 }
 add_filter( 'the_password_form', 'my_password_form' );
 }}}


 FINALLY, please either correct the input field in the Visibility box to
 limit character input to 20 characters, or PREFERABLY expand the password
 length to 64 characters (documenting this change, of course, and limiting
 the password entry to the new length).

--
Ticket URL: <http://core.trac.wordpress.org/ticket/24792>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list