[wp-trac] [WordPress Trac] #61703: the_password_form hook documentation incorrectly references 20char password limit

WordPress Trac noreply at wordpress.org
Thu Aug 1 00:57:25 UTC 2024 

#61703: the_password_form hook documentation incorrectly references 20char password
limit
-------------------------------+-----------------------------
 Reporter:  dd32               |       Owner:  SergeyBiryukov
     Type:  defect (bug)       |      Status:  reviewing
 Priority:  normal             |   Milestone:  6.7
Component:  Posts, Post Types  |     Version:  4.7
 Severity:  normal             |  Resolution:
 Keywords:  has-patch commit   |     Focuses:  docs
-------------------------------+-----------------------------
Changes (by dd32):

 * version:   => 4.7


Old description:

> The documentation for the 'the_password_form' hook currently reminds
> developers that the database schema limits the password to 20 characters
> in length.
>
> https://github.com/WordPress/wordpress-
> develop/blob/5a30482419f1b0bcc713a7fdee3a14afd67a1bca/src/wp-includes
> /post-template.php#L1780-L1782
>
> However, starting in WordPress 3.6 the password is no longer stored as
> plaintext, and instead as a hash, which removes the length limitation of
> the password.
>
> I'd suggest that the reminder can just be removed.
>
> Props @davidhbrown for noticing this.

New description:

 The documentation for the 'the_password_form' hook currently reminds
 developers that the database schema limits the password to 20 characters
 in length.

 https://github.com/WordPress/wordpress-
 develop/blob/5a30482419f1b0bcc713a7fdee3a14afd67a1bca/src/wp-includes
 /post-template.php#L1780-L1782

 ~~However, starting in WordPress 3.6 the password is no longer stored as
 plaintext, and instead as a hash, which removes the length limitation of
 the password.~~
 However, in WordPress 4.7 the column was increased in length to 255char.

 ~~I'd suggest that the reminder can just be removed.~~

 Props @davidhbrown for noticing this.

--

Comment:

 @peterwilsoncc Uhh, So... I've misrecalled how it works :D

 The change wasn't to store post_password in a hashed form, but rather to
 cease storing it in the access cookie in plaintext and instead store a
 hash there.. #19797 #3316

 Column increased in length via #881 / [38590]

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/61703#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list