[wp-trac] [WordPress Trac] #13654: Install should NOT use stripslashes on admin password
WordPress Trac
wp-trac at lists.automattic.com
Mon May 31 10:43:32 UTC 2010
#13654: Install should NOT use stripslashes on admin password
-----------------------------+----------------------------------------------
Reporter: johanee | Owner: dd32
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: Upgrade/Install | Version: 3.0
Severity: normal | Keywords:
-----------------------------+----------------------------------------------
Comment(by markjaquith):
Good catch.
Your patch looks good for 3.0. For 3.1, we can put in migration code.
[5/31/10 6:34:11 AM] Mark Jaquith: We could migrate people.[[BR]]
[5/31/10 6:34:13 AM] Dion (dd32): Perhaps oughta just add proper
stripslashing in 3.1, and add back-compat to change password from non-
stripslashed to stripslashed.. similar to the md5->phpass
implementation..[[BR]]
[5/31/10 6:35:13 AM] Mark Jaquith: Yep. If the PW doesn't match,
addslashes() and compare again. If that matches, set the new PW hash.
Right?[[BR]]
[5/31/10 6:35:19 AM] Dion (dd32): yep
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13654#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list