[wp-trac] Re: [WordPress Trac] #6842: Password reset links produce invalid keys
WordPress Trac
wp-trac at lists.automattic.com
Wed May 7 02:47:56 GMT 2008
#6842: Password reset links produce invalid keys
------------------------+---------------------------------------------------
 Reporter:  MtDewVirus  |        Owner:  anonymous
     Type:  defect      |       Status:  reopened
 Priority:  normal      |    Milestone:  2.5.2
Component:  Security    |      Version:  2.5.1
 Severity:  normal      |   Resolution:
 Keywords:              |
------------------------+---------------------------------------------------
Comment (by DD32):
Replying to [comment:9 jimmysoho]:
> Just get rid of the "special chars" in wp_generate_password, they should
> never be part of any password key.

Well, now that they're optional it's not a problem.

Using special chars greatly increases the complexity of the generated
string, which is of great use when being used internally for things, e.g.
as a seed for a password hashing function.

I think blanking the user activation keys on upgrade to 2.5.2, as ryan said,
would be the best method. Simply wipe them out. Sanitizing the value
shouldn't be needed as hopefully, assuming the value stays valid in the
future.

--
Ticket URL: <http://trac.wordpress.org/ticket/6842#comment:10>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software