Do not sanitize the password
You have the bug in \FLLoginFormModule::login:
$password = isset( $_POST['password'] ) ? sanitize_text_field( $_POST['password'] ) : false;
Password must not be sanitized. You can refer to the WP Core code. When you sanitize the password, it changes, for instance,
q9MB92*0rJfT%dA%oZxQ3s(P
to
q9MB92*0rJfT%oZxQ3s(P
and makes login impossible. This is a common case if a password contains % signs. Please fix this bug. Thank you.
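The mutation reported above can be reproduced outside WordPress. The following is an added example, not code from the plugin or from WP Core: `model_sanitize_text_field()` is a hypothetical, simplified model of the lossy steps in `sanitize_text_field()`, and `password_hash()`/`password_verify()` stand in for the stored credential check.

```php
<?php
// Added illustration, not WordPress or plugin code. model_sanitize_text_field()
// is a hypothetical, simplified model of the lossy steps in WordPress's
// sanitize_text_field(): whitespace collapsing, trimming, and removal of
// percent-encoded octets. Tag stripping and the UTF-8 check are omitted.
function model_sanitize_text_field(string $str): string
{
    $filtered = preg_replace('/[\r\n\t ]+/', ' ', $str);
    $filtered = trim($filtered);
    $found = false;
    // A "%" followed by two hex digits is treated as an encoded octet and removed.
    while (preg_match('/%[a-f0-9]{2}/i', $filtered, $match)) {
        $filtered = str_replace($match[0], '', $filtered);
        $found = true;
    }
    if ($found) {
        // Clean up whitespace left behind by the removed octets.
        $filtered = trim(preg_replace('/ +/', ' ', $filtered));
    }
    return $filtered;
}

// Stand-in for the stored credential check (assumption: PHP's built-in hashing).
function login_ok(string $submitted, string $storedHash): bool
{
    return password_verify($submitted, $storedHash);
}

// Constructed sample passwords; the first is the one quoted in the post.
$samples = [
    'q9MB92*0rJfT%dA%oZxQ3s(P', // "%dA" matches the octet pattern and is dropped
    'two  spaces inside',       // a run of spaces is collapsed to one
    'plain-Passw0rd!',          // nothing to strip, survives unchanged
];

foreach ($samples as $password) {
    $hash      = password_hash($password, PASSWORD_DEFAULT);
    $sanitized = model_sanitize_text_field($password);
    printf(
        "%-28s -> %-28s raw:%s sanitized:%s\n",
        var_export($password, true),
        var_export($sanitized, true),
        login_ok($password, $hash) ? 'ok' : 'FAIL',
        login_ok($sanitized, $hash) ? 'ok' : 'FAIL'
    );
}
```

Only the unmodified submission verifies against the hash for the first two samples, so the login handler has to pass the submitted value to the authentication call unchanged.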