WordPress.org

Make WordPress Core

Ticket #49639: 49639-2.diff

File 49639-2.diff, 2.2 KB (added by ilovecats7, 3 months ago)
  • wp-includes/user.php

     
    17851785                $user_pass = ! empty( $userdata['user_pass'] ) ? $userdata['user_pass'] : $old_user_data->user_pass;
    17861786        } else {
    17871787                $update = false;
     1788
     1789        /**
     1790         * Filters a password before hashing it.
     1791         *
     1792         * @since 5.7.3
     1793         *
     1794         * @param string $userdata['user_pass'] The user's password.
     1795         */
     1796        $pre_hash_password = apply_filters( 'pre_hash_password', $userdata['user_pass'] );
     1797
     1798        if ( empty( $pre_hash_password ) ) {
     1799            return new WP_Error( 'empty_pre_hash_password', __( 'Cannot create a user with an empty password.' ) );
     1800        }
     1801
     1802        if ( false !== strpos( $pre_hash_password, '\\' ) ) {
     1803            return new WP_Error( 'illegal_pre_hash_password', __( 'Passwords may not contain the character "\\".' ) );
     1804        }
     1805
    17881806                // Hash the password.
    1789                 $user_pass = wp_hash_password( $userdata['user_pass'] );
     1807                $user_pass = wp_hash_password( $pre_hash_password );
    17901808        }
    17911809
    17921810        $sanitized_user_login = sanitize_user( $userdata['user_login'], true );
     
    21992217        $user = add_magic_quotes( $user );
    22002218
    22012219        if ( ! empty( $userdata['user_pass'] ) && $userdata['user_pass'] !== $user_obj->user_pass ) {
     2220
     2221        /** This filter is documented in wp-includes/user.php */
     2222        $pre_hash_password = apply_filters( 'pre_hash_password', $userdata['user_pass'] );
     2223
     2224        if ( empty( $pre_hash_password ) ) {
     2225            return new WP_Error( 'empty_pre_hash_password', __( 'Empty password.' ) );
     2226        }
     2227
     2228        if ( false !== strpos( $pre_hash_password, '\\' ) ) {
     2229            return new WP_Error( 'illegal_pre_hash_password', __( 'Passwords may not contain the character "\\".' ) );
     2230        }
     2231
    22022232                // If password is changing, hash it now.
    2203                 $plaintext_pass        = $userdata['user_pass'];
    2204                 $userdata['user_pass'] = wp_hash_password( $userdata['user_pass'] );
     2233                $plaintext_pass        = $pre_hash_password;
     2234                $userdata['user_pass'] = wp_hash_password( $pre_hash_password );
    22052235
    22062236                /**
    22072237                 * Filters whether to send the password change email.