Skip to:
Content

BuddyPress.org

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#7594 closed defect (bug) (fixed)

Strip slashes from passwords before checking for backslashes

Reported by: johnpbloch's profile JohnPBloch Owned by: djpaul's profile djpaul
Milestone: 3.0 Priority: normal
Severity: normal Version: 2.9.0
Component: Settings Keywords: has-patch
Cc:

Description

When saving a password in BuddyPress, it should unslash the password before checking for backslashes. This is what core does when saving user data. WordPress passwords may contain ' single and " double quotes in them, which will arrive from POST data slashed.

Attachments (1)

7594.patch (682 bytes) - added by JohnPBloch 7 years ago.

Download all attachments as: .zip

Change History (4)

@JohnPBloch
7 years ago

#1 @JohnPBloch
7 years ago

  • Keywords has-patch added

Not a whole lot going on in the patch, just fixes the issue. :D

#2 @djpaul
7 years ago

  • Owner set to djpaul
  • Resolution set to fixed
  • Status changed from new to closed

In 11704:

Core: strip slashes from passwords before checking for backslashes.

Fixes #7594

Props JohnPBloch

#3 @DJPaul
7 years ago

  • Milestone changed from Awaiting Review to 3.0

Great find @JohnPBloch, thank you for the patch. That's probably been there 8 years. :)

Last edited 7 years ago by DJPaul (previous) (diff)
Note: See TracTickets for help on using tickets.