Low Description
(it looks like from other mails chadmichael is using 2.06.06)
mail from chadmichael:
I'm finding that when I create a user via the CMS admin interface, there's a
problem with certain passwords. In particular, I have encountered a problem
where a user created in this way, with a password contianing ampersands,
creates a broken account. The user can't login, but if the admin changes
the password to something simple, then the user can login. Oddly, the user
can then change their own password back to the previous password containing
ampersands and it works.
To recreate:
1) create a user via the CMS admin interface like: testee/no&yes&maybe
2) logout
3) try to login with the testee user – authentication fails
4) login as admin and change the password to something simple, like
"password"
5) login as testee/password – no problem!
6) change password back to "no&yes&maybe" via user's own password management
7) log out testee
8) log in as testee/no&yes&maybe – password with ampersands now works!
Must be some validation differences between the two functions "admin create
user" and "user edit password", eh?