WordPress.org

Make WordPress Core

Ticket #17009: 17009.2.patch

File 17009.2.patch, 1.1 KB (added by hakre, 7 years ago)

Check array key existance before use as well, handle password hashing for non-empty ID only (creation of new user [identified by empty ID] will take care of hashing on it's own).

  • wp-includes/user.php

    ### Eclipse Workspace Patch 1.0
    #P wordpress-trunk
     
    15431543 * @return int The updated user's ID.
    15441544 */
    15451545function wp_update_user($userdata) {
    1546         $ID = (int) $userdata['ID'];
     1546        // Retrieve data of existing user (if any)
     1547        $user = array();
     1548        if ( empty( $userdata['ID'] ) ) {
     1549                $ID = 0;
     1550        } else {
     1551                $ID = (int) $userdata['ID'];
     1552                // First, get all of the original fields
     1553                if ( $return = get_userdata($ID) ) {
     1554                        // Escape data pulled from DB.
     1555                        $user = add_magic_quotes(get_object_vars($return));
     1556                }
     1557                unset( $return );
     1558        }
    15471559
    1548         // First, get all of the original fields
    1549         $user = get_userdata($ID);
    1550 
    1551         // Escape data pulled from DB.
    1552         $user = add_magic_quotes(get_object_vars($user));
    1553 
    15541560        // If password is changing, hash it now.
    1555         if ( ! empty($userdata['user_pass']) ) {
     1561        if ( !empty($ID) && ! empty($userdata['user_pass']) ) {
    15561562                $plaintext_pass = $userdata['user_pass'];
    15571563                $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
    15581564        }