[wp-trac] [WordPress Trac] #34297: Passwords containing ' or " via wp_set_password() break login via wp-login.php
WordPress Trac
noreply at wordpress.org
Sun Jun 26 10:20:49 UTC 2016
#34297: Passwords containing ' or " via wp_set_password() break login via wp-
login.php
----------------------------------------+-----------------------------
Reporter: manuakasam | Owner:
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Future Release
Component: Login and Registration | Version:
Severity: normal | Resolution:
Keywords: needs-patch good-first-bug | Focuses: docs
----------------------------------------+-----------------------------
Comment (by devplus_timo):
Hello @manuakasam and @ocean90, wouldn't it be a nice idea to, instead of
mentioning the `wp_slash()` in the docs for `wp_signon()`,
`wp_set_password()` and `wp_update_user()`, write a check for these quotes
in the plain text password and if so, wrap the `wp_slash()` function
around the plain text password in core ourselves so that we can take away
the need for developers to really needing to read that part of the
documentation?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34297#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list