I consider the current sanitizing of the password field on version 2.0.3 and 2.0.4 Change Password screen to be an error since anything is allowed in a password, so I adjusted the get_posted_field function before the return in \includes\abstracts\abstract-wpum-form.php, with the following code to get it to leave the password field alone because, by default, it was removing all occurrences of % followed by two digits in the password field. This likely would not help anything but the Change Password page because of the different field names.
//before the return to avoid allowing a modified password
if (substr($key,0,8)===’password’){return isset( $_POST[ $key ] ) ? $_POST[ $key ] : ”;}
This clearly is not the correct adjustment to make nor the correct way to do it, but I will wait for an update.
Regardless of this issue, thanks for a great plugin.
