Password being wrongly sanitized
Hi, today I encountered a problem where a user, after signing up or resetting the password, could not log in with his newly created password. It sounded a bit strange at first, but then I tested it myself and reproduced the same error.
I found out that this problem occurs only if I use special characters. Digging into your code, I saw that you sanitize the password at stm_lms_restore_password (line 1940) and stm_lms_register (line 282).
I handled these two situations in this way:
for stm_lms_register:

// don't sanitize password
if ( 'register_user_password' !== $field_key && 'register_user_password_re' !== $field_key ) {
    $data[ $field_key ] = STM_LMS_Helpers::sanitize_fields( $data[ $field_key ], $field['type'] );
}

and by just removing the function sanitize_text_field for stm_lms_restore_password:

// don't sanitize password
$password = $data['new_password'];
$repeat_password = $data['repeat_password'];

Would this be the right way of handling this problem?
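The mismatch described in the post above, as an added example that is not part of the original post and is not MasterStudy LMS or WordPress code: it hashes each constructed password once after text-field sanitization and once raw, then checks whether the password as typed still verifies. Assumptions: `approx_sanitize_text_field()` is a hypothetical stand-in that mimics the main steps of `sanitize_text_field()`, `password_hash()` stands in for the site's hashing routine, and the login path is assumed to compare the password exactly as typed.

```php
<?php
// Added illustration; all function names below are hypothetical.
// Stand-in for the main steps of WordPress's sanitize_text_field():
// strip tags, collapse whitespace, trim, remove percent-encoded octets.
function approx_sanitize_text_field( string $value ): string {
    $filtered = strip_tags( $value );
    $filtered = trim( preg_replace( '/[\r\n\t ]+/', ' ', $filtered ) );
    while ( preg_match( '/%[a-f0-9]{2}/i', $filtered, $match ) ) {
        $filtered = str_replace( $match[0], '', $filtered );
    }
    return trim( $filtered );
}

// Signup/reset path: what gets hashed and stored for a submitted password.
// password_hash() is a stand-in for the site's real hashing routine.
function store_password( string $submitted, bool $sanitize ): string {
    $to_hash = $sanitize ? approx_sanitize_text_field( $submitted ) : $submitted;
    return password_hash( $to_hash, PASSWORD_DEFAULT );
}

// Login path (assumption): the password is verified exactly as typed.
function can_login( string $typed, string $stored_hash ): bool {
    return password_verify( $typed, $stored_hash );
}

// Constructed sample passwords covering each transformation.
$samples = array(
    'Plain-Passw0rd!',   // nothing for the sanitizer to change
    'p%40ssw0rd',        // contains a percent-encoded octet
    'My<b>Secret</b>1',  // contains tag-like text
    'two  spaces',       // repeated whitespace
    ' lead&trail ',      // leading and trailing whitespace
);

foreach ( $samples as $password ) {
    $sanitized_ok = can_login( $password, store_password( $password, true ) );
    $raw_ok       = can_login( $password, store_password( $password, false ) );
    printf(
        "%-20s sanitized-before-hash: %-4s  raw-before-hash: %s\n",
        var_export( $password, true ),
        $sanitized_ok ? 'ok' : 'FAIL',
        $raw_ok ? 'ok' : 'FAIL'
    );
}
```

Because a password is only ever hashed and never rendered back into a page, hashing the raw submitted value does not lose any output-escaping protection.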