Context Navigation

← Previous Ticket
Next Ticket →

#21495 new defect (bug)

wp_insert_user allows a user to be created with empty passwords

Reported by:	ancawonka	Owned by:
Priority:	normal	Milestone:	Awaiting Review
Component:	Users	Version:
Severity:	minor	Keywords:
Cc:

Description

While looking at the different files where user information is created, I noticed that there are some differences between wp_insert_user(programmatic creation of users) and edit_user (called from the admin).

wp_insert_user assumes that a user_pass parameter is included, which creates a user with no password.

Attachments (3)

21495.patch (545 bytes) - added by ancawonka 10 months ago.: Now checking for empty (or undefined) passwords in wp_create_user
21495.test.patch (562 bytes) - added by ancawonka 10 months ago.: properly annoted and put in its own test function
21495.2.patch (531 bytes) - added by SergeyBiryukov 10 months ago.: Removed superfluous !isset() check

Download all attachments as: .zip

Change History (3)

ancawonka — 10 months ago

Attachment 21495.patch added

Now checking for empty (or undefined) passwords in wp_create_user

ancawonka — 10 months ago

Attachment 21495.test.patch added

properly annoted and put in its own test function

SergeyBiryukov — 10 months ago

Attachment 21495.2.patch added

Removed superfluous !isset() check

Note: See TracTickets for help on using tickets.

Download in other formats: