[wp-trac] [WordPress Trac] #27740: Passwords consisting of spaces are valid at install time
WordPress Trac
noreply at wordpress.org
Sat Jun 7 10:40:51 UTC 2014
#27740: Passwords consisting of spaces are valid at install time
-----------------------------+------------------------------
Reporter: nfreader | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version: 3.8.2
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by izem):
[this is my first time trying to contribute to WordPress, hope I'm doing
it right]
I've reproduced this on version 4.0-alpha-28611-src
The whitespace-only password is passed as-is from wp-admin/install.php to
wp_install function at wp-admin/includes/upgrade.php, there a trim
function is used that make it an empty string. If password is empty,
wp_generate_password function is called to generate a random password for
the user (in according to: "A password will be automatically generated for
you if you leave this blank.").
Thing is, user didn't leave the password blank and might expect it to be
the whitespace-only password he entered and not a random password that
will be emailed to him later.
To avoid this we can add another poka-yoke at wp-admin/install.php
I've made a patch that check if admin_password isn't empty, but becomes
empty if trim() is used on it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27740#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list