Context Navigation

user.php

Timestamp:

10/13/2015 02:47:09 AM (9 years ago)

Author:

wonderboymusic

Message:

Users: when passing a WP_User instance to wp_update_user(), ensure that the user password is not accidentally double-hashed. This is terrifying.

Adds unit tests.

Props tbcorr, salcode.
Fixes #28435.

File:

-                      r34859
+                      r35116
         wp_new_user_notification( $user, 'this_is_deprecated' );
+    }
+    /**
+     * @ticket 28435
+     */
+    function test_wp_update_user_no_change_pwd() {
+        $testuserid = 1;
+        $user = get_userdata( $testuserid );
+        $pwd_before = $user->user_pass;
+        wp_update_user( $user );
+        // Reload the data
+        $pwd_after = get_userdata( $testuserid )->user_pass;
+        $this->assertEquals( $pwd_before, $pwd_after );
+    }
+}

Note: See TracChangeset for help on using the changeset viewer.