Ticket #16484: 16484.2.diff

wp-includes/capabilities.php

@@ -526 +526 @@
                         $value = trim( $value );
                 }
 
-                if ( !$value )
+                if ( !isset($value) )
                         return false;
 
                 switch ( $field ) {

wp-includes/user.php

@@ -24 +24 @@
  */
 function wp_signon( $credentials = '', $secure_cookie = '' ) {
         if ( empty($credentials) ) {
-                if ( ! empty($_POST['log']) )
+                if ( isset($_POST['log']) )
                         $credentials['user_login'] = $_POST['log'];
                 if ( ! empty($_POST['pwd']) )
                         $credentials['user_password'] = $_POST['pwd'];
                 if ( ! empty($_POST['rememberme']) )
                         $credentials['remember'] = $_POST['rememberme'];
         }
-
         if ( !empty($credentials['remember']) )
                 $credentials['remember'] = true;
         else
@@ -51 +50 @@
         add_filter('authenticate', 'wp_authenticate_cookie', 30, 3);
 
         $user = wp_authenticate($credentials['user_login'], $credentials['user_password']);
-
         if ( is_wp_error($user) ) {
                 if ( $user->get_error_codes() == array('empty_username', 'empty_password') ) {
                         $user = new WP_Error('', '');
@@ -71 +69 @@
 add_filter('authenticate', 'wp_authenticate_username_password', 20, 3);
 function wp_authenticate_username_password($user, $username, $password) {
         if ( is_a($user, 'WP_User') ) { return $user; }
-
-        if ( empty($username) || empty($password) ) {
+        if ( !isset($username) || empty($password) ) {
                 $error = new WP_Error();
 
-                if ( empty($username) )
+                if ( !isset($username) )
                         $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
 
                 if ( empty($password) )
@@ -83 +80 @@
 
                 return $error;
         }
-
         $user = get_user_by('login', $username);
-
         if ( !$user )
                 return new WP_Error('invalid_username', sprintf(__('<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?'), wp_lostpassword_url()));
 
@@ -1032 +1027 @@
                         $_selected = selected( $user->ID, $selected, false );
                         if ( $_selected )
                                 $found_selected = true;
-                        $display = !empty($user->$show) ? $user->$show : '('. $user->user_login . ')';
+                        $display = isset($user->$show) && strlen($user->$show) ? $user->$show : '('. $user->user_login . ')';
                         $output .= "\t<option value='$user->ID'$_selected>" . esc_html($display) . "</option>\n";
                 }
 
                 if ( $include_selected && ! $found_selected && ( $selected > 0 ) ) {
                         $user = get_userdata( $selected );
                         $_selected = selected( $user->ID, $selected, false );
-                        $display = !empty($user->$show) ? $user->$show : '('. $user->user_login . ')';
+                        $display = isset($user->$show) && strlen($user->$show) ? $user->$show : '('. $user->user_login . ')';
                         $output .= "\t<option value='$user->ID'$_selected>" . esc_html($display) . "</option>\n";
                 }
 
@@ -1279 +1274 @@
         //Remove any non-printable chars from the login string to see if we have ended up with an empty username
         $user_login = trim($user_login);
 
-        if ( empty($user_login) )
+        if ( !isset($user_login) || !strlen($user_login) )
                 return new WP_Error('empty_user_login', __('Cannot create a user with an empty login name.') );
 
         if ( !$update && username_exists( $user_login ) )