Changeset 25709

Timestamp:

10/07/2013 01:53:09 PM (12 years ago)

Author:

nacin

Message:

Move the trim() from wp_set_password() to inside wp_hash_password().

props rpattillo, joehoyle.
fixes #24973. see #23494.

Location:

trunk

Files:

• src/wp-includes/pluggable.php (modified) (2 diffs)
• tests/phpunit/tests/auth.php (modified) (2 diffs)

trunk/src/wp-includes/pluggable.php

@@ -1457 +1457 @@
     }
 
-    return $wp_hasher->HashPassword($password);
+    return $wp_hasher->HashPassword( trim( $password ) );
 }
 endif;
@@ -1604 +1604 @@
     global $wpdb;
 
-    $hash = wp_hash_password( trim( $password ) );
+    $hash = wp_hash_password( $password );
     $wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) );
 

trunk/tests/phpunit/tests/auth.php

@@ -45 +45 @@
     }
 
-    /*
+    /**
      * @ticket 23494
      */
@@ -66 +66 @@
         }
     }
+
+    /**
+     * Test wp_hash_password trims whitespace
+     * 
+     * This is similar to test_password_trimming but tests the "lower level" 
+     * wp_hash_password function
+     * 
+     * @ticket 24973
+     */
+    function test_wp_hash_password_trimming() {
+
+        $password = ' pass with leading whitespace';
+        $this->assertTrue( wp_check_password( 'pass with leading whitespace', wp_hash_password( $password ) ) );
+
+        $password = 'pass with trailing whitespace ';
+        $this->assertTrue( wp_check_password( 'pass with trailing whitespace', wp_hash_password( $password ) ) );
+
+        $password = ' pass with whitespace ';
+        $this->assertTrue( wp_check_password( 'pass with whitespace', wp_hash_password( $password ) ) );
+
+        $password = "pass with new line \n";
+        $this->assertTrue( wp_check_password( 'pass with new line', wp_hash_password( $password ) ) );
+
+        $password = "pass with vertial tab o_O\x0B";
+        $this->assertTrue( wp_check_password( 'pass with vertial tab o_O', wp_hash_password( $password ) ) );
+    }
 }