[wp-trac] [WordPress Trac] #7256: lostpassword does not work,
ancillary fix
WordPress Trac
wp-trac at lists.automattic.com
Mon Jul 7 16:34:53 GMT 2008
#7256: lostpassword does not work, ancillary fix
------------------------+---------------------------------------------------
Reporter: jonathan_v | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.5.2
Component: General | Version: 2.5.1
Severity: normal | Keywords:
------------------------+---------------------------------------------------
several bugfix tickets are addressing the fact that the lost password
function is broken
the cause of the bug , is that wp_generate_password uses these chars:
{{{
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()"
}}}
while reset_password only uses these:
{{{
[^a-z0-9]
}}}
i'd like to suggest an ancillary approach to fixing this - to complement
whatever method is chosen:
in pluggable.php, i think wp_generate_password should be met with a
function wp_validate_password.
then in reset_password, we replace
{{{
$key = preg_replace('/[^a-z0-9]/i', '', $key);
}}}
with
{{{
$key = wp_validate_password( $key );
}}}
then, the next time someone alters the wp_generate_password function , it
can be quickly met for validation with unit tests and they'd see the
'validate_password' function right there.
--
Ticket URL: <http://trac.wordpress.org/ticket/7256>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list