[wp-trac] [WordPress Trac] #56544: When resetting the password, inputting spaces on the left or right accepts and shows a successful reset password message. But when trying to login into the account without those spaces, it successfully logged me in.
WordPress Trac
noreply at wordpress.org
Sun Sep 11 13:08:10 UTC 2022
#56544: When resetting the password, inputting spaces on the left or right accepts
and shows a successful reset password message. But when trying to login
into the account without those spaces, it successfully logged me in.
--------------------------------------------+------------------------------
 Reporter:  islammdshariful                 |       Owner:  (none)
     Type:  defect (bug)                    |      Status:  new
 Priority:  normal                          |   Milestone:  Awaiting Review
Component:  Login and Registration          |     Version:  6.0.2
 Severity:  normal                          |  Resolution:
 Keywords:  reporter-feedback dev-feedback  |     Focuses:  privacy
--------------------------------------------+------------------------------
Changes (by costdev):
* keywords: needs-patch => reporter-feedback dev-feedback
* focuses: privacy, coding-standards => privacy
* severity: major => normal
Comment:
Thanks for the ping @robinwpdeveloper 🙂
I'm not at a PC at the moment, but my initial thinking is:
- On creation, the password is trimmed:
  - " surrounded_with_spaces " becomes "surrounded_with_spaces" and is
    then processed and saved to the database.
- On login, the password is trimmed:
  - " surrounded_with_spaces " becomes "surrounded_with_spaces" and is
    compared to the value in the database, which matches, and the user is
    logged in.
Trimming passwords of surrounding space is common in case a password was
copied and pasted from elsewhere and includes extra space around it.
If this is the case, then I'd say it's a feature, not a bug.
Needs investigation/confirmation before this ticket can be moved forward
(either towards ''close'' or towards a patch).
-----
- Removing `needs-patch` as this isn't (yet) confirmed as a bug.
- Setting Severity to ''normal'' until we know more.
- Removing `coding-standards` as this doesn't pertain to WPCS.
- @robinwpdeveloper To verify the `Version` property, can you confirm
whether this only started happening in WordPress 6.0.2, or if it happens
in earlier versions of WordPress? Otherwise, please set the `Version`
property to empty until this has been investigated. (`Version` is for
noting when a bug was introduced, not the version being used when it
occurred).
- Adding `dev-feedback` so that contributors know to investigate and give
feedback on this behaviour.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56544#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
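
The trimming behaviour hypothesised in the comment above, modelled as an added example; it is not WordPress core code and not part of the original message. The function names are hypothetical, and PHP's built-in `password_hash()`/`password_verify()` stand in for whatever hashing the site uses. It resets the password to the padded string under four trimming policies and then tries both the padded and unpadded form at login.

```php
<?php
declare(strict_types=1);
// Added illustration, not WordPress core code. All function names are hypothetical.

/** Strip surrounding whitespace from a submitted password when the policy says so. */
function normalise_password(string $raw, bool $trim): string
{
    return $trim ? trim($raw) : $raw;
}

/** Hash a password for storage, optionally trimming it first. */
function store_password(string $raw, bool $trim_on_set): string
{
    return password_hash(normalise_password($raw, $trim_on_set), PASSWORD_BCRYPT);
}

/** Check a login attempt against a stored hash, optionally trimming it first. */
function check_login(string $raw, string $stored_hash, bool $trim_on_login): bool
{
    return password_verify(normalise_password($raw, $trim_on_login), $stored_hash);
}

// Sample values taken from the example string quoted in the comment.
$padded   = ' surrounded_with_spaces ';
$unpadded = 'surrounded_with_spaces';

// Each row: [label, trim when setting?, trim when logging in?]
$policies = [
    ['trim on set and login', true,  true],
    ['trim on set only',      true,  false],
    ['trim on login only',    false, true],
    ['never trim',            false, false],
];

foreach ($policies as [$label, $on_set, $on_login]) {
    // The user resets the password to the padded form, then logs in both ways.
    $hash = store_password($padded, $on_set);
    printf(
        "%-22s padded login: %-4s unpadded login: %s\n",
        $label,
        check_login($padded, $hash, $on_login) ? 'ok' : 'FAIL',
        check_login($unpadded, $hash, $on_login) ? 'ok' : 'FAIL'
    );
}
```

Only the first policy accepts both forms, which is the behaviour the ticket reports. "Trim on login only" rejects both forms, so a mismatch between the set and login paths locks the user out rather than weakening the check.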