WordPress.org

Make WordPress Core

Changeset 35618


Ignore:
Timestamp:
11/11/15 22:30:27 (20 months ago)
Author:
wonderboymusic
Message:

Users: in wp_insert_user(), when a password isn't provided and the user exists, ensure that the password isn't wiped out.

Adds unit test.

Props leewillis77.
Fixes #29880.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/user-functions.php

    r35280 r35618  
    12881288 
    12891289        // hashed in wp_update_user(), plaintext if called directly 
    1290         $user_pass = $userdata['user_pass']; 
     1290        $user_pass = ! empty( $userdata['user_pass'] ) ? $userdata['user_pass'] : $old_user_data->user_pass; 
    12911291    } else { 
    12921292        $update = false; 
     
    13311331    if ( in_array( $user_login, apply_filters( 'illegal_user_logins', array() ) ) ) { 
    13321332        return new WP_Error( 'illegal_user_login', __( 'Sorry, that username is not allowed.' ) ); 
    1333     }    
     1333    } 
    13341334 
    13351335    /* 
  • trunk/tests/phpunit/tests/user.php

    r35280 r35618  
    10141014        $this->assertEquals( $pwd_before, $pwd_after ); 
    10151015    } 
     1016 
     1017    /** 
     1018     * @ticket 29880 
     1019     */ 
     1020    function test_wp_insert_user() { 
     1021        $user_details = array( 
     1022            'user_login' => rand_str(), 
     1023            'user_pass' => 'password', 
     1024            'user_email' => rand_str() . '@example.com', 
     1025        ); 
     1026        $id1 = wp_insert_user( $user_details ); 
     1027        $this->assertEquals( $id1, email_exists( $user_details['user_email'] ) ); 
     1028 
     1029        // Check that providing an empty password doesn't remove a user's password. 
     1030        // See ticket #29880 
     1031        $user_details['ID'] = $id1; 
     1032        $user_details['user_pass'] = ''; 
     1033        $id1 = wp_insert_user( $user_details ); 
     1034        $user = WP_User::get_data_by( 'id', $id1 ); 
     1035        $this->assertNotEmpty( $user->user_pass ); 
     1036    } 
     1037 
    10161038} 
Note: See TracChangeset for help on using the changeset viewer.