[glotpress-updates] [GlotPress] #380: WordPress passwords with quotes don't let users login in GlotPress
GlotPress
noreply at wordpress.org
Wed Nov 26 16:54:34 UTC 2014
#380: WordPress passwords with quotes don't let users login in GlotPress
-------------------------+-----------------------------
Reporter: nbachiyski | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Keywords: needs-patch |
-------------------------+-----------------------------
Reproduction steps:
* Use WordPress user tables in GlotPress
* Set the password of a user to `test'` in WordPress
* Try to login in GlotPress
Expected: success, saw: failure.
The reason is that WordPress hashes the slashed passwords and stores this
hash in the database. See https://core.trac.wordpress.org/ticket/24367 for
details.
In GlotPress we’ve tried to never have access to slashed data, which
results to trying to hash the actual password, not the hashed one. Thus we
don't get a match.
Unless somebody has a better idea, we should just slash the password
before the password check.
Thanks to Gary Jones (garyj) for the report.
--
Ticket URL: <https://glotpress.trac.wordpress.org/ticket/380>
GlotPress <https://glotpress.trac.wordpress.org>
Easy comin', easy goin'
More information about the glotpress-updates
mailing list