Make WordPress Core

Ticket #35500: 35500.diff

File 35500.diff, 796 bytes (added by hellofromTonya, 4 years ago)

Trims and checks for empty pass1. If present, sets error to alert user and allows user to try again.

  • src/wp-login.php

    diff --git a/src/wp-login.php b/src/wp-login.php
    index 11517dac21..f7505636d5 100644
    a b switch ( $action ) { 
    841841
    842842                $errors = new WP_Error();
    843843
    844                 if ( isset( $_POST['pass1'] ) && $_POST['pass1'] !== $_POST['pass2'] ) {
    845                         $errors->add( 'password_reset_mismatch', __( '<strong>Error</strong>: The passwords do not match.' ) );
     844                if ( isset( $_POST['pass1'] ) ) {
     845                        $_POST['pass1'] = trim( $_POST['pass1'] );
     846                }
     847
     848                if ( empty( $_POST['pass1'] ) ) {
     849                        $errors->add( 'password_reset_space', __( 'The password cannot be a space or all spaces.' ) );
     850                        $_POST['pass1'] = '';
     851                } else if ( $_POST['pass1'] !== $_POST['pass2'] ) {
     852                        $errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
    846853                }
    847854
    848855                /**