search

wp-cli / core-command

Downloads, installs, updates, and manages a WordPress installation.
MIT License
49 stars 50 forks source link

Can't login with certain characters as Password #236

Open yogasukma opened 1 year ago

yogasukma commented 1 year ago

I found issue with core install and user update, both command give different result when using same password.

So, the password is aTeeest'AM@1$987

Then i install WordPress using command

wp core install --admin_password='aTeeest'\''AM@1$987' --url=password22.test --title="password22" --admin_user="password22"  --admin_email="password22@email.com"

You see i am trying to escape single quote and dollar sign characters in --admin_password parameters.

While the command is run fine, i can't login using my password above.

Interestingly, when i did same with user update, like this

wp user update 1 --user_pass='aTeeest'\''AM@1$987'

Notice that --user_pass is same value with --admin_password, and It going fine, i can login with password i mentioned above.

Question is why it behave differently? is it bug? am i escape that special characters wrongly?

Thank You.

yogasukma commented 1 year ago

Another example:

my password is 1'2"34$56 and escaped version is 1'2\"34\$56 

echo "1'2\"34\$56"
// will return 1'2"34$56

I can't login if I installed WordPress with this command

wp core install --admin_password="1'2\"34\$56" --url=password22.test --title="password22" --admin_user="password22"  --admin_email="password22@email.com"

but when i update user using this command

wp user update 1 --user_pass="1'2\"34\$56"

it will be fine, i can login with my password above.

danielbachhuber commented 1 year ago

@yogasukma I added some debug to both commands. It seems like the arguments are parsed correctly in both scenarios:

$ wp user update 1 --user_pass='aTeeest'\''AM@1$987'
array(1) {
  ["user_pass"]=>
  string(16) "aTeeest'AM@1$987"
}
$ wp core install --admin_password='aTeeest'\''AM@1$987' --url=password22.test --title="password22" --admin_user="password22"  --admin_email="password22@email.com"
array(5) {
  ["url"]=>
  string(12) "vanilla.test"
  ["title"]=>
  string(10) "password22"
  ["admin_user"]=>
  string(10) "password22"
  ["admin_password"]=>
  string(16) "aTeeest'AM@1$987"
  ["admin_email"]=>
  string(20) "password22@email.com"
}

Does the problem manifest with other sites too? Does it reproduce with a fresh WordPress install and no plugins active?