WordPress.org
Get WordPress

Make WordPress Core

Ticket #35500: 35500.1.diff

File 35500.1.diff, 822 bytes (added by hellofromTonya, 5 years ago)

Checks for a password of one space or all empty spaces. Does not check on first load.

  • src/wp-login.php 

    diff --git a/src/wp-login.php b/src/wp-login.php
index 11517dac21..789cafcb9b 100644
    a b switch ( $action ) { 
    841841
    842842                $errors = new WP_Error();
    843843
    844                 if ( isset( $_POST['pass1'] ) && $_POST['pass1'] !== $_POST['pass2'] ) {
     844                // Check if password is one or all empty spaces.
     845                if ( ! empty( $_POST['pass1'] ) ) {
     846                        $_POST['pass1'] = trim( $_POST['pass1'] );
     847       
     848                        if ( empty( $_POST['pass1'] ) ) {
     849                                $errors->add( 'password_reset_empty_space', __( 'The password cannot be a space or all spaces.' ) );
     850                        }
     851                }
     852
     853                // Check if password fields do not match.
     854                if ( ! empty( $_POST['pass1'] ) && $_POST['pass1'] !== $_POST['pass2'] ) {
    845855                        $errors->add( 'password_reset_mismatch', __( '<strong>Error</strong>: The passwords do not match.' ) );
    846856                }
    847857