[wp-trac] [WordPress Trac] #7197: With magic_quotes_gpc on you
can't change password to anything with " or ' inside.
WordPress Trac
wp-trac at lists.automattic.com
Sat Jun 28 12:20:03 GMT 2008
#7197: With magic_quotes_gpc on you can't change password to anything with " or '
inside.
----------------------------+-----------------------------------------------
Reporter: sesee | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.5.2
Component: Administration | Version: 2.5.1
Severity: normal | Keywords:
----------------------------+-----------------------------------------------
If magic_quotes_gpc are on, user cannot change password to something
having a " or ' inside.
When submitting, magic_quotes automatically quotes " to \", and user gets
and error:
ERROR: Passwords may not contain the character "\".
Although the password strength hint says:
Hint: Use upper and lower case characters, numbers and symbols like
!"?$%^&( in your password.
So, there are two solutions:
1. remove '"' from hint which tells that you can use that kind of a
password
2. if magic_quotes_gpc are on - stripslahes() the password ( it will be
hashed anyway, so no harm to the database ).
Patch for solution #2 included.
--
Ticket URL: <http://trac.wordpress.org/ticket/7197>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list