Make WordPress Core


Ignore:
Timestamp:
11/11/2015 10:30:27 PM (9 years ago)
Author:
wonderboymusic
Message:

Users: in wp_insert_user(), when a password isn't provided and the user exists, ensure that the password isn't wiped out.

Adds unit test.

Props leewillis77.
Fixes #29880.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/user-functions.php

    r35280 r35618  
    12881288
    12891289        // hashed in wp_update_user(), plaintext if called directly
    1290         $user_pass = $userdata['user_pass'];
     1290        $user_pass = ! empty( $userdata['user_pass'] ) ? $userdata['user_pass'] : $old_user_data->user_pass;
    12911291    } else {
    12921292        $update = false;
     
    13311331    if ( in_array( $user_login, apply_filters( 'illegal_user_logins', array() ) ) ) {
    13321332        return new WP_Error( 'illegal_user_login', __( 'Sorry, that username is not allowed.' ) );
    1333     }   
     1333    }
    13341334
    13351335    /*
Note: See TracChangeset for help on using the changeset viewer.