[wp-trac] [WordPress Trac] #27740: Passwords consisting of spaces are valid at install time

WordPress Trac noreply at wordpress.org
Sun Jun 15 12:55:18 UTC 2014


#27740: Passwords consisting of spaces are valid at install time
-----------------------------+------------------------------
 Reporter:  nfreader         |       Owner:
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Upgrade/Install  |     Version:  3.8.2
 Severity:  normal           |  Resolution:
 Keywords:  has-patch        |     Focuses:
-----------------------------+------------------------------

Comment (by izem):

 Replying to [comment:7 UmeshSingla]:
 > Yes I missed it totally, and I came across this as well
 > http://stackoverflow.com/questions/632167/should-users-be-allowed-to-entered-a-password-with-a-space-at-the-beginning-or-e

 He might have a point there, though the common user is more likely to have
 the leading/trailing whitespace in their password by mistake. Anyway, it's
 out of this bug's scope (no trimming is done at wp-admin/install.php, and
 this case deals with whitespace-only passwords).

 > So your patch seems to be more appropriate, although the error message
 > could be more formal.

 English is not my native language, if you have a more-formal/better
 message please post it.
 [The message I've used is: 'Your password has nothing but whitespace.
 Please try again.']


 > Also `!empty($admin_password)` would return false for a password
 > containing space only. I'm not sure if it will work properly.

 No, it will return TRUE for the case of a password containing one or more
 whitespaces.
 {{{
 test.php:
 <?php
 $admin_passwords = array('', ' ');
 foreach ($admin_passwords as $admin_password) {
     print "'{$admin_password}': "
         . (!empty($admin_password) ? 'admin_password not empty' : 'admin_password is empty')
         . "\n";
 }
 ?>

 [root@wp_test tmp]# php ./test.php
 '': admin_password is empty
 ' ': admin_password not empty
 }}}

 I've tested the install form with my patch before attaching it here, and it
 worked as expected in both cases (empty and nonempty). You are welcome to
 test it as well.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/27740#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
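
The check discussed in the comment above, as an added example (not the patch attached to the ticket and not WordPress core code): it separates empty, whitespace-only and usable passwords without trimming the value. The function name `classify_install_password()` and its return labels are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added illustration; the function name and labels are hypothetical.

/**
 * Classify an install-time password without modifying it.
 * Returns 'empty', 'whitespace_only' or 'ok'.
 */
function classify_install_password( $password ) {
    $password = (string) $password;

    // strlen() instead of empty(): empty('0') is true in PHP, so a
    // password of "0" would be wrongly treated as missing.
    if ( strlen( $password ) === 0 ) {
        return 'empty';
    }

    // \s covers ASCII whitespace; \p{Z} adds Unicode separators such as
    // U+00A0 (no-break space), which trim() leaves in place.
    $match = preg_match( '/^[\s\p{Z}]+$/u', $password );

    // preg_match() returns false when the input is not valid UTF-8;
    // fall back to a byte-level ASCII whitespace check in that case.
    if ( false === $match ) {
        $match = ( trim( $password ) === '' ) ? 1 : 0;
    }

    return ( 1 === $match ) ? 'whitespace_only' : 'ok';
}

// Constructed sample inputs: empty, one space, mixed ASCII whitespace,
// a lone no-break space, the string "0", and padded text (left untrimmed).
$samples = array( '', ' ', " \t ", "\xC2\xA0", '0', ' leading and trailing ' );
foreach ( $samples as $sample ) {
    printf( "%-28s %s\n", var_export( $sample, true ), classify_install_password( $sample ) );
}
```

The padded sample is classified as usable because the function never trims, which matches the ticket's scope of rejecting only whitespace-only passwords.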

