Do not sanitize the password | ww.wp.xz.cn

Resolved kaggdesign
(@kaggdesign)

2 years, 5 months ago
You have the bug in the \FLLoginFormModule::login
```
$password         = isset( $_POST['password'] ) ? sanitize_text_field( $_POST['password'] ) : false;
```
Password must not be sanitized. You can refer to the WP Core code. When you sanitize the password, it changes, for instance, q9MB92*0rJfT%dA%oZxQ3s(P to q9MB92*0rJfT%oZxQ3s(P and makes login impossible. This is the common case if a password contains % signs.

Please fix this bug. Thank you.

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Contributor Jamie
(@codente)

2 years, 4 months ago

Thanks for reporting it. We’ll look into this. Please note, this forum is only for the free plugin. The login module is only in the premium version.

For future bug reports and support requests for the premium version, please submit a ticket here:
https://docs.wpbeaverbuilder.com/beaver-builder/layouts/templates/add-a-layout-template-to-your-page

Shahidul Islam
(@bdkoder)

2 years, 2 months ago

Hi @jamie,
No, there is no need to sanitize passwords. You don’t want to strip out or rewrite a value on users’ set passwords. They will be hashed afterwards, so no need.

Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Do not sanitize the password’ is closed to new replies.

2 replies
3 participants
Last reply from: Shahidul Islam
Last activity: 2 years, 2 months ago
Status: resolved