WordPress.org

Make WordPress Core

Ticket #20140: 20140.3.diff

File 20140.3.diff, 3.1 KB (added by nacin, 6 years ago)
  • wp-admin/includes/user.php

     
    4242        if ( !$update && isset( $_POST['user_login'] ) )
    4343                $user->user_login = sanitize_user($_POST['user_login'], true);
    4444
    45         $pass1 = $pass2 = '';
     45        $current_pass = $pass1 = $pass2 = '';
     46        if ( isset( $_POST['current_pass'] ) )
     47                $current_pass = $_POST['current_pass'];
    4648        if ( isset( $_POST['pass1'] ) )
    4749                $pass1 = $_POST['pass1'];
    4850        if ( isset( $_POST['pass2'] ) )
     
    108110        if ( $user->user_login == '' )
    109111                $errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ) );
    110112
     113        /* checking current password has been entered and is correct */
     114        if ( $user_id == get_current_user_id() && $update && $pass1 && $pass2 ) {
     115                if ( ! $current_pass )
     116                        $errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter your current password.' ), array( 'form-field' => 'current_pass' ) );
     117                elseif ( ! wp_check_password( $current_pass, $userdata->user_pass ) )
     118                        $errors->add( 'pass', __( '<strong>ERROR</strong>: The password you gave is incorrect.' ), array( 'form-field' => 'current_pass' ) );
     119        }
     120
    111121        /* checking the password has been typed twice */
    112122        do_action_ref_array( 'check_passwords', array( $user->user_login, &$pass1, &$pass2 ) );
    113123
  • wp-admin/user-edit.php

     
    374374$show_password_fields = apply_filters('show_password_fields', true, $profileuser);
    375375if ( $show_password_fields ) :
    376376?>
     377</table>
     378
     379<h3><?php _e( 'Change Password' ); ?></h3>
     380
     381<table class="form-table">
     382<?php if ( IS_PROFILE_PAGE ) : ?>
     383        <tr id="current-password">
     384                <th><label for="current-pass"><?php _e( 'Current Password' ); ?></label></th>
     385                <td>
     386                        <input class="hidden" value=" " /><!-- #24364 workaround -->
     387                        <input type="password" name="current_pass" id="current_pass" size="16" value="" autocomplete="off" />
     388                        <span class="description"><?php _e( 'If you would like to set a new password, type your current one here. Otherwise leave this blank.' ); ?></span>
     389                </td>
     390        </tr>
     391<?php endif; ?>
    377392<tr id="password">
    378393        <th><label for="pass1"><?php _e('New Password'); ?></label></th>
    379394        <td>
    380                 <input class="hidden" value=" " /><!-- #24364 workaround -->
    381                 <input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("If you would like to change the password type a new one. Otherwise leave this blank."); ?></span>
     395                <?php if ( ! IS_PROFILE_PAGE ) : ?><input class="hidden" value=" " /><!-- #24364 workaround --><?php endif; ?>
     396                <input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" />
     397                <span class="description">
     398                        <?php echo IS_PROFILE_PAGE ? __( 'Type the new password here.' ) : __( 'If you would like to change the password type a new one. Otherwise leave this blank.' ); ?>
     399                </span>
    382400        </td>
    383401</tr>
    384402<tr>