[wp-trac] [WordPress Trac] #34297: Passwords containing ' or " via wp_set_password() break login via wp-login.php
WordPress Trac
noreply at wordpress.org
Wed Oct 14 11:07:24 UTC 2015
#34297: Passwords containing ' or " via wp_set_password() break login via wp-login.php
------------------------------------+-----------------------------
Reporter:  manuakasam               | Owner:
Type:      defect (bug)             | Status:     new
Priority:  normal                   | Milestone:  Awaiting Review
Component: Login and Registration   | Version:    4.3.1
Severity:  normal                   | Keywords:
Focuses:                            |
------------------------------------+-----------------------------
We are using custom plugins to have the user reset their passwords.
Internally all that is done boils down to the following code:
{{{
wp_set_password('Test"123', 1);
// alternative test
// (wp_update_user() reads the new password from the 'user_pass' key)
wp_update_user([
    'ID'        => 1,
    'user_pass' => 'Test"123'
]);
}}}
Doing this the password gets successfully changed inside the database.
Trying to log in on wp-login.php now with the new password results in:
"ERROR: The password you entered for the username admin is incorrect"
Login, however, still works using wp_signon().
I don't know what's going on there or where the differences are, but surely
this can't be intended behavior that we're not supposed to set passwords
using ' or " via wp_set_password(), can it?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34297>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform