[wp-trac] [WordPress Trac] #53339: Inconsistency in allowed characters for a password
WordPress Trac
noreply at wordpress.org
Sat Jun 5 18:10:08 UTC 2021
#53339: Inconsistency in allowed characters for a password
--------------------------+-----------------------------
Reporter: henry.wright | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
When a user attempts to reset his or her password using the facility on
the front-end, they are able to use the `\` character in their new
password.
When a user attempts to change their password at wp-admin > Users >
Profile, they aren't able to use the `\` character in their password.
This feels like an inconsistency.
Further, I noticed whitespace is stripped from the beginning and end of
the password string when using the change password facility at wp-admin >
Users > Profile. Note `trim()` isn't used in the password reset facility
on the front-end.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53339>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list