[wp-trac] [WordPress Trac] #34297: Passwords containing ' or " via wp_set_password() break login via wp-login.php

WordPress Trac noreply at wordpress.org
Wed Oct 14 11:07:24 UTC 2015


#34297: Passwords containing ' or " via wp_set_password() break login via wp-
login.php
------------------------------------+-----------------------------
 Reporter:  manuakasam              |      Owner:
     Type:  defect (bug)            |     Status:  new
 Priority:  normal                  |  Milestone:  Awaiting Review
Component:  Login and Registration  |    Version:  4.3.1
 Severity:  normal                  |   Keywords:
  Focuses:                          |
------------------------------------+-----------------------------
 We are using custom plugins to have the user reset their passwords.
 Internally all that is done boils down to the following code:

 {{{
 wp_set_password('Test"123', 1);
 // alternative test
 wp_update_user([
     'ID' => 1,
     'user_password' => 'Test"123'
 ]);
 }}}

 Doing this the password gets successfully changed inside the database.

 Trying to login on wp-login.php now with the new password results in:
 "ERROR: The password you entered for the username admin is incorrect"

 Login however still works using wp_signon().

 I don't know what's going on there or where the differences are but surely
 this can't be intended behavior that we're not supposed to set passwords
 using ' or " via wp_set_passworod(), can it?

--
Ticket URL: <https://core.trac.wordpress.org/ticket/34297>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list