WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 7 years ago

#21495 closed defect (bug) (wontfix)

wp_insert_user allows a user to be created with empty passwords

Reported by: ancawonka Owned by:
Milestone: Priority: normal
Severity: minor Version:
Component: Users Keywords: has-patch
Focuses: Cc:

Description

While looking at the different files where user information is created, I noticed that there are some differences between wp_insert_user(programmatic creation of users) and edit_user (called from the admin).

wp_insert_user assumes that a user_pass parameter is included, which creates a user with no password.

Attachments (4)

21495.patch (545 bytes) - added by ancawonka 8 years ago.
Now checking for empty (or undefined) passwords in wp_create_user
21495.test.patch (562 bytes) - added by ancawonka 8 years ago.
properly annoted and put in its own test function
21495.2.patch (531 bytes) - added by SergeyBiryukov 8 years ago.
Removed superfluous !isset() check
21495.3.patch (503 bytes) - added by cklosows 7 years ago.
refresh and adds trim

Download all attachments as: .zip

Change History (12)

@ancawonka
8 years ago

Now checking for empty (or undefined) passwords in wp_create_user

@ancawonka
8 years ago

properly annoted and put in its own test function

@SergeyBiryukov
8 years ago

Removed superfluous !isset() check

#1 @c3mdigital
7 years ago

  • Keywords needs-refresh added

#2 @cklosows
7 years ago

  • Cc cklosowski@… added
  • Keywords has-patch needs-testing added; needs-refresh removed

Here's a refresh, also added a trim() check. This way even if the password is all spaces, it'll validate against empty. Without this I could use wp_insert_user with a string of spaces to insert a user with a 'blank' password. The user can't login either with this either.

@cklosows
7 years ago

refresh and adds trim

#3 @SergeyBiryukov
7 years ago

  • Milestone changed from Awaiting Review to 3.7

#4 @nacin
7 years ago

  • Milestone changed from 3.7 to Awaiting Review

I'm not sure creating a user with an empty password is a problem. What's the issue? Surely there are use cases where you don't want a user to log in. Or maybe you want them to do a reset in order to get started.

I have a feeling this could break importers and related scripts.

#5 @cklosows
7 years ago

I was in for the patch refresh, but I think the original thought was to match up the 'insert' method with the 'edit' method so they both require a password? Is that what you were hoping for @ancawonka?

I could see how there might be a few use cases. It appears that core and the official iOS app handle this by not being able to accept an empty (or all spaces) password string. Would updating this method to not allow empty password strings be in line with the move towards a stronger password requirement in admin though? Are there any cases where a non-official app could send an authentication request with an empty password string that core wouldn't fail validation on? wp-login.php doesn't accept one via POST.

Just throwing out possible points of interest on the discussion...

#6 @mordauk
7 years ago

I'd expect to be able to create a user via a direct function call without a password, but I would not expect to be able to create a user with a blank password from the UI.

Suggesting wontfix here.

#7 @knutsp
7 years ago

Please don't fix. Programatically creating a user should only require technically required parameters/fields. Not all users are expected to log in. Sometimes you need to just create a user to get a user id. Giving those a password is a secondary task.

#8 @SergeyBiryukov
7 years ago

  • Keywords needs-testing removed
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.