Opened 12 years ago
Closed 11 years ago
#21495 closed defect (bug) (wontfix)
wp_insert_user allows a user to be created with empty passwords
Reported by: | ancawonka | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | minor | Version: | |
Component: | Users | Keywords: | has-patch |
Focuses: | Cc: |
Description
While looking at the different files where user information is created, I noticed that there are some differences between wp_insert_user(programmatic creation of users) and edit_user (called from the admin).
wp_insert_user assumes that a user_pass parameter is included, which creates a user with no password.
Attachments (4)
Change History (12)
#2
@
11 years ago
- Cc cklosowski@… added
- Keywords has-patch needs-testing added; needs-refresh removed
Here's a refresh, also added a trim()
check. This way even if the password is all spaces, it'll validate against empty. Without this I could use wp_insert_user with a string of spaces to insert a user with a 'blank' password. The user can't login either with this either.
#4
@
11 years ago
- Milestone changed from 3.7 to Awaiting Review
I'm not sure creating a user with an empty password is a problem. What's the issue? Surely there are use cases where you don't want a user to log in. Or maybe you want them to do a reset in order to get started.
I have a feeling this could break importers and related scripts.
#5
@
11 years ago
I was in for the patch refresh, but I think the original thought was to match up the 'insert' method with the 'edit' method so they both require a password? Is that what you were hoping for @ancawonka?
I could see how there might be a few use cases. It appears that core and the official iOS app handle this by not being able to accept an empty (or all spaces) password string. Would updating this method to not allow empty password strings be in line with the move towards a stronger password requirement in admin though? Are there any cases where a non-official app could send an authentication request with an empty password string that core wouldn't fail validation on? wp-login.php doesn't accept one via POST.
Just throwing out possible points of interest on the discussion...
#6
@
11 years ago
I'd expect to be able to create a user via a direct function call without a password, but I would not expect to be able to create a user with a blank password from the UI.
Suggesting wontfix here.
Now checking for empty (or undefined) passwords in wp_create_user