WordPress.org

Make WordPress Core

Changeset 35618


Ignore:
Timestamp:
11/11/2015 10:30:27 PM (3 years ago)
Author:
wonderboymusic
Message:

Users: in wp_insert_user(), when a password isn't provided and the user exists, ensure that the password isn't wiped out.

Adds unit test.

Props leewillis77.
Fixes #29880.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/user-functions.php

    r35280 r35618  
    12881288
    12891289        // hashed in wp_update_user(), plaintext if called directly
    1290         $user_pass = $userdata['user_pass'];
     1290        $user_pass = ! empty( $userdata['user_pass'] ) ? $userdata['user_pass'] : $old_user_data->user_pass;
    12911291    } else {
    12921292        $update = false;
     
    13311331    if ( in_array( $user_login, apply_filters( 'illegal_user_logins', array() ) ) ) {
    13321332        return new WP_Error( 'illegal_user_login', __( 'Sorry, that username is not allowed.' ) );
    1333     }   
     1333    }
    13341334
    13351335    /*
  • trunk/tests/phpunit/tests/user.php

    r35280 r35618  
    10141014        $this->assertEquals( $pwd_before, $pwd_after );
    10151015    }
     1016
     1017    /**
     1018     * @ticket 29880
     1019     */
     1020    function test_wp_insert_user() {
     1021        $user_details = array(
     1022            'user_login' => rand_str(),
     1023            'user_pass' => 'password',
     1024            'user_email' => rand_str() . '@example.com',
     1025        );
     1026        $id1 = wp_insert_user( $user_details );
     1027        $this->assertEquals( $id1, email_exists( $user_details['user_email'] ) );
     1028
     1029        // Check that providing an empty password doesn't remove a user's password.
     1030        // See ticket #29880
     1031        $user_details['ID'] = $id1;
     1032        $user_details['user_pass'] = '';
     1033        $id1 = wp_insert_user( $user_details );
     1034        $user = WP_User::get_data_by( 'id', $id1 );
     1035        $this->assertNotEmpty( $user->user_pass );
     1036    }
     1037
    10161038}
Note: See TracChangeset for help on using the changeset viewer.