Make WordPress Core


Ignore:
Timestamp:
03/22/2016 11:06:29 PM (9 years ago)
Author:
ocean90
Message:

Users: In edit_user() check for a blank password when adding a user.

Props wesleye, gitlost, adamsilverstein.
Fixes #35715.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/user.php

    r35772 r37059  
    114114    }
    115115
    116     /* checking the password has been typed twice */
    117116    /**
    118117     * Fires before the password and confirm password fields are checked for congruity.
     
    126125    do_action_ref_array( 'check_passwords', array( $user->user_login, &$pass1, &$pass2 ) );
    127126
    128     /* Check for "\" in password */
    129     if ( false !== strpos( wp_unslash( $pass1 ), "\\" ) )
     127    // Check for blank password when adding a user.
     128    if ( ! $update && empty( $pass1 ) ) {
     129        $errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter a password.' ), array( 'form-field' => 'pass1' ) );
     130    }
     131
     132    // Check for "\" in password.
     133    if ( false !== strpos( wp_unslash( $pass1 ), "\\" ) ) {
    130134        $errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );
    131 
    132     /* checking the password has been typed twice the same */
    133     if ( $pass1 != $pass2 )
     135    }
     136
     137    // Checking the password has been typed twice the same.
     138    if ( ( $update || ! empty( $pass1 ) ) && $pass1 != $pass2 ) {
    134139        $errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter the same password in both password fields.' ), array( 'form-field' => 'pass1' ) );
     140    }
    135141
    136142    if ( !empty( $pass1 ) )
Note: See TracChangeset for help on using the changeset viewer.