[buddypress-trac] [BuddyPress Trac] #7594: Strip slashes from passwords before checking for backslashes
buddypress-trac
noreply at wordpress.org
Fri Sep 8 15:25:45 UTC 2017
#7594: Strip slashes from passwords before checking for backslashes
--------------------------+-----------------------------
Reporter: JohnPBloch | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Settings | Version: 2.9.0
Severity: normal | Keywords:
--------------------------+-----------------------------
When saving a password in BuddyPress, it should unslash the password
before checking for backslashes. This is
[https://github.com/WordPress/WordPress/blob/bbb8d48086b7d10908f4fda673585ee122f2851d
/wp-admin/includes/user.php#L147 what core does when saving user data].
WordPress passwords may contain `'` single and `"` double quotes in them,
which will arrive from POST data slashed.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7594>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list