Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.When using a password with special characters, the value is not url decoded causing an inconsistency in the password strength reporting. The front end will tell you it's strong, while the back end tells you it is not strong.
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | 2358005-password_strength-ajax-urldecode_1.diff | 460 bytes | funkym |
Comments
Comment #1
funkym commentedComment #2
gregglesI tested this by doing:
1. Keep 7 as the minimum password length
2. Attempt to set my password to "12345 " with a single space on the end which gets urlencoded to %20
3. Observe that "Is shorter than 7 characters" goes away after I type the space which is not valid
4. Hit submit and notice the inconsistent error message "Password must contain at least 7 alphanumeric (letter or number) characters."
Applied patch and in step 3 the "Is shorter than 7 characters message" sticks around until I actually hit 7 characters.
RTBC from my perspective.
Comment #3
gregglesThis one is fairly straightforward, but conflicts with #2393873: Use current account rather than global $user in user_profile_form. I guess I suggest applying that one if first and I can reroll this one (or it's easy to manually apply).
Comment #5
coltranePasses tests and works well so committed. Thanks!