Steps to replicate the issue (include links if applicable)
- Populate the file credentials.txt with a username and a password, both containing a backslash (\).
- Start WPCleaner, indicating it the path to the credentials.txt file (for instance java -jar getdown.jar . client -credentials credentials.txt).
What happens?
- Login fails.
- The strings in the text boxes are missing the backslashes (the password is obscured but is one letter shorter).
What should have happened instead?
- If the credentials are correct, login should not fail.
- Backslashes should be read like other characters, as assumptions should not be made over the content of usernames of passwords.
Software version (skip for WMF-hosted wikis like Wikipedia)
WPCleaner 2.05 (august 2022)
Other information (browser name/version, screenshots, etc.)
The likely cause of this bug is java.utils.Properties and its method load(), that treats backslashes as an escape character.
Using Debian 11.
Java 11.0.16 (openjdk).