User pass issue | ww.wp.xz.cn

Resolved saweber
(@saweber)

1 year ago
Hello,

The user password sanitizing used in login is wrong. I had a password containing “…%ea…” in the password, and after an upgrade, it fails to log in.

In fact, this part in “profile-magic-login-form.php” remove those characteres:
```
// Retrieve possible errors from request parameters
$pm_sanitizer = new PM_sanitizer;
$request = $pm_sanitizer->sanitize($_REQUEST);
$post = $pm_sanitizer->sanitize($_POST);
```
$_POST has the correct password, $post the incorrect one.

Maybe add a new case in the sanitizer instead of failing back to the sanitize_text_field for user_pass ?

I upgraded from Version: 5.9.3.3 to Version: 5.9.4.9. The “sanitize” function seems to had undergone a big rewrite.
- This topic was modified 1 year ago by saweber.

Viewing 1 replies (of 1 total)

profilegrid2
(@profilegrid2)

1 year ago

Hello @saweber,

Thank you for informing us about this. We have noted the issue and forwarded it to our team to be fixed in an upcoming release.

We appreciate your feedback and patience. If there’s anything else we can help you with in the meantime, feel free to reach out!

Viewing 1 replies (of 1 total)

The topic ‘User pass issue’ is closed to new replies.

Tags

1 reply
2 participants
Last reply from: profilegrid2
Last activity: 1 year ago
Status: resolved