Make WordPress Core

Opened 12 years ago

Closed 11 years ago

#21495 closed defect (bug) (wontfix)

wp_insert_user allows a user to be created with empty passwords

Reported by: ancawonka's profile ancawonka Owned by:
Milestone: Priority: normal
Severity: minor Version:
Component: Users Keywords: has-patch
Focuses: Cc:

Description

While looking at the different files where user information is created, I noticed that there are some differences between wp_insert_user(programmatic creation of users) and edit_user (called from the admin).

wp_insert_user assumes that a user_pass parameter is included, which creates a user with no password.

Attachments (4)

21495.patch (545 bytes) - added by ancawonka 12 years ago.
Now checking for empty (or undefined) passwords in wp_create_user
21495.test.patch (562 bytes) - added by ancawonka 12 years ago.
properly annoted and put in its own test function
21495.2.patch (531 bytes) - added by SergeyBiryukov 12 years ago.
Removed superfluous !isset() check
21495.3.patch (503 bytes) - added by cklosows 11 years ago.
refresh and adds trim

Download all attachments as: .zip

Change History (12)

@ancawonka
12 years ago

Now checking for empty (or undefined) passwords in wp_create_user

@ancawonka
12 years ago

properly annoted and put in its own test function

@SergeyBiryukov
12 years ago

Removed superfluous !isset() check

#1 @c3mdigital
11 years ago

  • Keywords needs-refresh added

#2 @cklosows
11 years ago

  • Cc cklosowski@… added
  • Keywords has-patch needs-testing added; needs-refresh removed

Here's a refresh, also added a trim() check. This way even if the password is all spaces, it'll validate against empty. Without this I could use wp_insert_user with a string of spaces to insert a user with a 'blank' password. The user can't login either with this either.

@cklosows
11 years ago

refresh and adds trim

#3 @SergeyBiryukov
11 years ago

  • Milestone changed from Awaiting Review to 3.7

#4 @nacin
11 years ago

  • Milestone changed from 3.7 to Awaiting Review

I'm not sure creating a user with an empty password is a problem. What's the issue? Surely there are use cases where you don't want a user to log in. Or maybe you want them to do a reset in order to get started.

I have a feeling this could break importers and related scripts.

#5 @cklosows
11 years ago

I was in for the patch refresh, but I think the original thought was to match up the 'insert' method with the 'edit' method so they both require a password? Is that what you were hoping for @ancawonka?

I could see how there might be a few use cases. It appears that core and the official iOS app handle this by not being able to accept an empty (or all spaces) password string. Would updating this method to not allow empty password strings be in line with the move towards a stronger password requirement in admin though? Are there any cases where a non-official app could send an authentication request with an empty password string that core wouldn't fail validation on? wp-login.php doesn't accept one via POST.

Just throwing out possible points of interest on the discussion...

#6 @mordauk
11 years ago

I'd expect to be able to create a user via a direct function call without a password, but I would not expect to be able to create a user with a blank password from the UI.

Suggesting wontfix here.

#7 @knutsp
11 years ago

Please don't fix. Programatically creating a user should only require technically required parameters/fields. Not all users are expected to log in. Sometimes you need to just create a user to get a user id. Giving those a password is a secondary task.

#8 @SergeyBiryukov
11 years ago

  • Keywords needs-testing removed
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.