Ticket #17830: wp-ticket-17830.diff
File wp-ticket-17830.diff, 1.9 KB (added by , 13 years ago) |
---|
-
wp-includes/user.php
1392 1392 $old_user_data = get_userdata($ID); 1393 1393 } else { 1394 1394 $update = false; 1395 // Hash the password 1396 $user_pass = wp_hash_password($user_pass); 1395 // if we are creating, we store the password in $plaintext_pass 1396 // to be passed to wp_set_password later 1397 $plaintext_pass = $userdata['user_pass']; 1398 // and we don't store the plain text password in the DB, even temporarily 1399 $userdata['user_pass'] = ''; 1397 1400 } 1398 1401 1399 1402 $user_login = sanitize_user($user_login, true); … … 1486 1489 } else { 1487 1490 $wpdb->insert( $wpdb->users, $data + compact( 'user_login' ) ); 1488 1491 $user_id = (int) $wpdb->insert_id; 1492 // wp_set_password encapsulates how to set the password 1493 wp_set_password($plaintext_pass, $user_id); 1489 1494 } 1490 1495 1491 1496 update_user_meta( $user_id, 'first_name', $first_name ); … … 1552 1557 // Escape data pulled from DB. 1553 1558 $user = add_magic_quotes(get_object_vars($user)); 1554 1559 1555 // If password is changing, hash it now. 1560 // If password is changing, keep the value 1561 // to be passed to wp_set_password later 1556 1562 if ( ! empty($userdata['user_pass']) ) { 1557 1563 $plaintext_pass = $userdata['user_pass']; 1558 $userdata['user_pass'] = wp_hash_password($userdata['user_pass']); 1564 // don't the plain text password the value to wp_insert_user 1565 // it should not be put into the database 1566 $userdata['user_pass'] = ''; 1567 $password_changed = true; 1568 } else { 1569 $password_changed = false; 1559 1570 } 1560 1571 1561 1572 wp_cache_delete($user[ 'user_email' ], 'useremail'); … … 1564 1575 $userdata = array_merge($user, $userdata); 1565 1576 $user_id = wp_insert_user($userdata); 1566 1577 1578 if ( $password_changed ) { 1579 wp_set_password($plaintext_pass, $ID); 1580 } 1581 1567 1582 // Update the cookies if the password changed. 1568 1583 $current_user = wp_get_current_user(); 1569 1584 if ( $current_user->id == $ID ) {