Ticket #27740: 27740.2.diff

wp-admin/install.php

@@ -190 +190 @@
                 // Fill in the data we gathered
                 $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
                 $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : '';
-                $admin_password = isset($_POST['admin_password']) ? wp_unslash( $_POST['admin_password'] ) : '';
-                $admin_password_check = isset($_POST['admin_password2']) ? wp_unslash( $_POST['admin_password2'] ) : '';
+                $admin_password = isset($_POST['admin_password']) ? trim( wp_unslash( $_POST['admin_password'] ) ) : '';
+                $admin_password_check = isset($_POST['admin_password2']) ? trim( wp_unslash( $_POST['admin_password2'] ) ) : '';
                 $admin_email  = isset( $_POST['admin_email']  ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : '';
                 $public       = isset( $_POST['blog_public']  ) ? (int) $_POST['blog_public'] : 0;
                 // check e-mail address
@@ -215 +215 @@
                         // TODO: poka-yoke
                         display_setup_form( __( 'Sorry, that isn&#8217;t a valid email address. Email addresses look like <code>username@example.com</code>.' ) );
                         $error = true;
+                } elseif ( empty( $admin_password ) ) {
+                        display_setup_form( __( 'Please provide a valid password.' ) );
+                        $error = true;
                 }
 
                 if ( $error === false ) {