WordPress.org

Make WordPress Core

Ticket #24973: trim-password-2.diff

File trim-password-2.diff, 2.1 KB (added by joehoyle, 8 years ago)
  • tests/phpunit/tests/auth.php

     
    4444                $this->assertEquals( false, wp_validate_auth_cookie( $cookie, 'bar' ) );
    4545        }
    4646
    47         /*
     47        /**
    4848         * @ticket 23494
    4949         */
    5050        function test_password_trimming() {
     
    6565                        $this->assertEquals( $another_user, $authed_user->ID );
    6666                }
    6767        }
     68
     69        /**
     70         * Test wp_hash_password trims whitespace
     71         *
     72         * This is similar to test_password_trimming but tests the "lower level"
     73         * wp_hash_password function
     74         *
     75         * @group 24973
     76         */
     77        function test_wp_hash_password_trimming() {
     78
     79                $password = ' pass with leading whitespace';
     80                $this->assertTrue( wp_check_password( 'pass with leading whitespace', wp_hash_password( $password ) ) );
     81
     82                $password = 'pass with trailing whitespace ';
     83                $this->assertTrue( wp_check_password( 'pass with trailing whitespace', wp_hash_password( $password ) ) );
     84
     85                $password = ' pass with whitespace ';
     86                $this->assertTrue( wp_check_password( 'pass with whitespace', wp_hash_password( $password ) ) );
     87
     88                $password = "pass with new line \n";
     89                $this->assertTrue( wp_check_password( 'pass with new line', wp_hash_password( $password ) ) );
     90
     91                $password = "pass with vertial tab o_O\x0B";
     92                $this->assertTrue( wp_check_password( 'pass with vertial tab o_O', wp_hash_password( $password ) ) );
     93        }
    6894}
  • src/wp-includes/pluggable.php

     
    14561456                $wp_hasher = new PasswordHash(8, true);
    14571457        }
    14581458
    1459         return $wp_hasher->HashPassword($password);
     1459        return $wp_hasher->HashPassword(trim($password));
    14601460}
    14611461endif;
    14621462
     
    16031603function wp_set_password( $password, $user_id ) {
    16041604        global $wpdb;
    16051605
    1606         $hash = wp_hash_password( trim( $password ) );
     1606        $hash = wp_hash_password( $password );
    16071607        $wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) );
    16081608
    16091609        wp_cache_delete($user_id, 'users');