user password containing "
-
@ustk said in user password containing ":
prevent from using " on the password creation page
+1 for this. Quotes get mangled all over the place. Best to avoid them.
Meat Beats: https://meatbeats.com
Klippr Video: https://klippr.video -
@dannytaurus strange it's not forbidden by default...
-
@ustk Yes I ran into this issue too a few years ago. I think it's the JWT plugin that was the issue, can't remember now.
I added this snippet to my site to prevent users using quotations marks in their passwords.
function prevent_quotation_mark_passwords($errors, $user) { if (strpos($user->user_pass, '"') !== false || strpos($user->user_pass, "'") !== false) { $errors->add('password_error', __('The password cannot contain quotation marks.', 'your-text-domain')); } return $errors; } add_filter('registration_errors', 'prevent_quotation_mark_passwords', 10, 2); add_filter('user_profile_update_errors', 'prevent_quotation_mark_passwords', 10, 2); add_filter('woocommerce_registration_errors', 'prevent_quotation_mark_passwords', 11, 3); add_filter('woocommerce_save_account_details_errors', 'prevent_quotation_mark_passwords', 10, 3); function custom_password_reset_validation($errors, $user) { $new_password = isset($_POST['password_1']) ? wc_clean($_POST['password_1']) : ''; // Check if the password contains quotation marks if (strpos($new_password, '"') !== false || strpos($new_password, "'") !== false) { $errors->add('password_reset_error', __('The password cannot contain quotation marks.', 'your-text-domain')); } return $errors; } add_action('validate_password_reset', 'custom_password_reset_validation', 10, 2);Free HISE Bootcamp Full Course for beginners.
YouTube Channel - Public HISE tutorials
My Patreon - HISE tutorials -
@ustk
Oh, good to know! -
@David-Healey Oh nice
What about the backslash escape char
\? I'm afraid it can too lead to issues...I am testing a plugin called WP Password Policy. For now the special chars can't be specified but I just reached out the team and they said it's a nice addition so they'll push it along with the next update in about a week... Very reactive
-
@ustk said in user password containing ":
What about the backslash escape char ? I'm afraid it can too lead to issues...
Haven't ran in to any issues there
Free HISE Bootcamp Full Course for beginners.
YouTube Channel - Public HISE tutorials
My Patreon - HISE tutorials -
@David-Healey I just confirmed that
\also leads to issues, so you better add this rule to your current snippet
-
@ustk I ended up fixing the issue in the JWT wordpress plugin.
I was having issues with special characters as wellDan Korneff - Producer / Mixer / Audio Nerd
-
@Dan-Korneff Did you make a PR?
Free HISE Bootcamp Full Course for beginners.
YouTube Channel - Public HISE tutorials
My Patreon - HISE tutorials -
@Dan-Korneff Nice
@David-Healey said in user password containing ":
@Dan-Korneff Did you make a PR?
The 10 grand question
-
@David-Healey they didn't seem interested, so I'm maintaining my own fork. Maybe you can strip the update from my repo and make a PR?
Dan Korneff - Producer / Mixer / Audio Nerd
-
@Dan-Korneff or I'll just use your fork
got a link? -
I can't seem to make this repo public for some reason, but here's the download link:
https://dankorneff.com/wp-update-server/packages/korneff-jwt-auth.zip
