• Resolved Adam Walter

    (@adamwalter)


    While testing this plugin, I tried leaving the new password fields empty during the reset process. To my surprise, it didn’t say I wasn’t allowed to do that but said that the password was successfully reset! However, you can’t have an empty password in WordPress, so this effectively locks the user completely until an admin fixes it.

    https://www.ads-software.com/plugins/expirepassword/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Adam Walter

    (@adamwalter)

    Since the plugin hasn’t been updated for 2 years and the developer hasn’t replied to a single question in this forum, I guess we’re all stuck… It’s a pity because this does exactly what I need, but with a fatal bug!

    Thread Starter Adam Walter

    (@adamwalter)

    For anyone else interested in using this plugin, I fixed the password validation and submitted a pull request to the plugin developer. Hopefully he makes the change. In the meantime, you can check out the lines that need to change in public.expirepassword.php using the link below:

    https://github.com/shrkey/expirepassword/pull/3/files

  • The topic ‘Entering an empty new password is allowed?’ is closed to new replies.