WordPress.org

Make WordPress Core

Ticket #24973: 24973.diff

File 24973.diff, 1.5 KB (added by jeremyfelt, 8 years ago)
  • src/wp-includes/pluggable.php

     
    14561456                $wp_hasher = new PasswordHash(8, true);
    14571457        }
    14581458
    1459         return $wp_hasher->HashPassword($password);
     1459        return $wp_hasher->HashPassword( trim( $password ) );
    14601460}
    14611461endif;
    14621462
     
    16031603function wp_set_password( $password, $user_id ) {
    16041604        global $wpdb;
    16051605
    1606         $hash = wp_hash_password( trim( $password ) );
     1606        $hash = wp_hash_password( $password );
    16071607        $wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) );
    16081608
    16091609        wp_cache_delete($user_id, 'users');
  • tests/phpunit/tests/auth.php

     
    6565                        $this->assertEquals( $another_user, $authed_user->ID );
    6666                }
    6767        }
     68
     69        /*
     70         * @ticket 24973
     71         */
     72        function test_password_hash_trimming() {
     73                $passwords_to_test = array(
     74                        'a password with no trailing or leading spaces',
     75                        'a password with trailing spaces ',
     76                        ' a password with leading spaces',
     77                        ' a password with trailing and leading spaces ',
     78                );
     79
     80                foreach ( $passwords_to_test as $password_to_test ) {
     81                        $password_hashed = wp_hash_password( $password_to_test );
     82                        $password_check = wp_check_password( trim( $password_to_test ), $password_hashed );
     83
     84                        $this->assertTrue( $password_check );
     85                }
     86        }
    6887}