WordPress.org

Make WordPress Core

Changeset 25709


Ignore:
Timestamp:
10/07/2013 01:53:09 PM (6 years ago)
Author:
nacin
Message:

Move the trim() from wp_set_password() to inside wp_hash_password().

props rpattillo, joehoyle.
fixes #24973. see #23494.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/pluggable.php

    r25550 r25709  
    14571457    }
    14581458
    1459     return $wp_hasher->HashPassword($password);
     1459    return $wp_hasher->HashPassword( trim( $password ) );
    14601460}
    14611461endif;
     
    16041604    global $wpdb;
    16051605
    1606     $hash = wp_hash_password( trim( $password ) );
     1606    $hash = wp_hash_password( $password );
    16071607    $wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) );
    16081608
  • trunk/tests/phpunit/tests/auth.php

    r25363 r25709  
    4545    }
    4646
    47     /*
     47    /**
    4848     * @ticket 23494
    4949     */
     
    6666        }
    6767    }
     68
     69    /**
     70     * Test wp_hash_password trims whitespace
     71     *
     72     * This is similar to test_password_trimming but tests the "lower level"
     73     * wp_hash_password function
     74     *
     75     * @ticket 24973
     76     */
     77    function test_wp_hash_password_trimming() {
     78
     79        $password = ' pass with leading whitespace';
     80        $this->assertTrue( wp_check_password( 'pass with leading whitespace', wp_hash_password( $password ) ) );
     81
     82        $password = 'pass with trailing whitespace ';
     83        $this->assertTrue( wp_check_password( 'pass with trailing whitespace', wp_hash_password( $password ) ) );
     84
     85        $password = ' pass with whitespace ';
     86        $this->assertTrue( wp_check_password( 'pass with whitespace', wp_hash_password( $password ) ) );
     87
     88        $password = "pass with new line \n";
     89        $this->assertTrue( wp_check_password( 'pass with new line', wp_hash_password( $password ) ) );
     90
     91        $password = "pass with vertial tab o_O\x0B";
     92        $this->assertTrue( wp_check_password( 'pass with vertial tab o_O', wp_hash_password( $password ) ) );
     93    }
    6894}
Note: See TracChangeset for help on using the changeset viewer.