Closed johanee closed 1 year ago
wp_authenticate() expects arguments to have "slashed" data[1] (" encoded as \"), but WP REST parameters are unslashed[2].
Use wp_slash() on username and password before calling wp_authenticate(), or users with " in their password cannot log in.
See PR #127
(In fact the passwords stored in the WP database are still slashed when hashed... The whole thing is messy.)
[1] See wp_signon() usage in trac where slashed $_POST data is used directly. [2] https://make.wordpress.org/core/2016/04/06/rest-api-slashed-data-in-wordpress-4-4-and-4-5/
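
A minimal reproduction of the mismatch described in this issue, added here as an illustration and not taken from the plugin or PR #127. It runs under plain PHP: `wp_slash()` is a local stand-in for the WordPress function, `$authenticate` is a hypothetical stand-in for `wp_authenticate()`, `password_hash()` replaces WordPress's own hasher, and the user and password are constructed.

```php
<?php
// Stand-in for WordPress's wp_slash() so this runs without WordPress loaded.
// Strings get addslashes(), arrays are handled element by element.
if (!function_exists('wp_slash')) {
    function wp_slash($value) {
        if (is_array($value)) {
            return array_map('wp_slash', $value);
        }
        return is_string($value) ? addslashes($value) : $value;
    }
}

// Constructed sample: the password exactly as the user types it.
$typed = 'correct"horse';

// Constructed user store. As the issue notes, the hash covers the slashed
// form, because the form-login path hands slashed $_POST data straight on.
$users = ['alice' => password_hash(wp_slash($typed), PASSWORD_BCRYPT)];

// Hypothetical stand-in for wp_authenticate(): it verifies what it is given
// and does no unslashing of its own.
$authenticate = function (string $user, string $pass) use ($users): bool {
    return isset($users[$user]) && password_verify($pass, $users[$user]);
};

// REST callback before the fix: parameters are passed on unslashed.
function login_unslashed(array $params, callable $auth): bool {
    return $auth($params['username'], $params['password']);
}

// REST callback after the fix: slash both values first, as the issue asks.
function login_slashed(array $params, callable $auth): bool {
    return $auth(wp_slash($params['username']), wp_slash($params['password']));
}

// REST parameters arrive unslashed, i.e. as typed.
$params = ['username' => 'alice', 'password' => $typed];

// The unslashed candidate differs from the string that was hashed.
var_dump(login_unslashed($params, $authenticate));

// The slashed candidate matches what the form-login path would have sent.
var_dump(login_slashed($params, $authenticate));
```

Passwords without `'`, `"` or `\` are unchanged by slashing, so both callbacks behave the same for them and only affected users see the login failure.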