WordPress.org

Make WordPress Core

Ticket #20140: 20140.3.diff

File 20140.3.diff, 3.1 KB (added by nacin, 10 months ago)
  • wp-admin/includes/user.php

     
    4242        if ( !$update && isset( $_POST['user_login'] ) ) 
    4343                $user->user_login = sanitize_user($_POST['user_login'], true); 
    4444 
    45         $pass1 = $pass2 = ''; 
     45        $current_pass = $pass1 = $pass2 = ''; 
     46        if ( isset( $_POST['current_pass'] ) ) 
     47                $current_pass = $_POST['current_pass']; 
    4648        if ( isset( $_POST['pass1'] ) ) 
    4749                $pass1 = $_POST['pass1']; 
    4850        if ( isset( $_POST['pass2'] ) ) 
     
    108110        if ( $user->user_login == '' ) 
    109111                $errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ) ); 
    110112 
     113        /* checking current password has been entered and is correct */ 
     114        if ( $user_id == get_current_user_id() && $update && $pass1 && $pass2 ) { 
     115                if ( ! $current_pass ) 
     116                        $errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter your current password.' ), array( 'form-field' => 'current_pass' ) ); 
     117                elseif ( ! wp_check_password( $current_pass, $userdata->user_pass ) ) 
     118                        $errors->add( 'pass', __( '<strong>ERROR</strong>: The password you gave is incorrect.' ), array( 'form-field' => 'current_pass' ) ); 
     119        } 
     120 
    111121        /* checking the password has been typed twice */ 
    112122        do_action_ref_array( 'check_passwords', array( $user->user_login, &$pass1, &$pass2 ) ); 
    113123 
  • wp-admin/user-edit.php

     
    374374$show_password_fields = apply_filters('show_password_fields', true, $profileuser); 
    375375if ( $show_password_fields ) : 
    376376?> 
     377</table> 
     378 
     379<h3><?php _e( 'Change Password' ); ?></h3> 
     380 
     381<table class="form-table"> 
     382<?php if ( IS_PROFILE_PAGE ) : ?> 
     383        <tr id="current-password"> 
     384                <th><label for="current-pass"><?php _e( 'Current Password' ); ?></label></th> 
     385                <td> 
     386                        <input class="hidden" value=" " /><!-- #24364 workaround --> 
     387                        <input type="password" name="current_pass" id="current_pass" size="16" value="" autocomplete="off" /> 
     388                        <span class="description"><?php _e( 'If you would like to set a new password, type your current one here. Otherwise leave this blank.' ); ?></span> 
     389                </td> 
     390        </tr> 
     391<?php endif; ?> 
    377392<tr id="password"> 
    378393        <th><label for="pass1"><?php _e('New Password'); ?></label></th> 
    379394        <td> 
    380                 <input class="hidden" value=" " /><!-- #24364 workaround --> 
    381                 <input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("If you would like to change the password type a new one. Otherwise leave this blank."); ?></span> 
     395                <?php if ( ! IS_PROFILE_PAGE ) : ?><input class="hidden" value=" " /><!-- #24364 workaround --><?php endif; ?> 
     396                <input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> 
     397                <span class="description"> 
     398                        <?php echo IS_PROFILE_PAGE ? __( 'Type the new password here.' ) : __( 'If you would like to change the password type a new one. Otherwise leave this blank.' ); ?> 
     399                </span> 
    382400        </td> 
    383401</tr> 
    384402<tr>