Opened 6 years ago

Closed 5 years ago

Last modified 5 years ago

#29880 closed defect (bug) (fixed)

wp_insert_user() wiping out user_pass when one isn't provided and the user exists

Reported by: cartpauj
Owned by: chriscct7
Milestone: 4.4
Priority: normal
Severity: normal
Version: 4.0
Component: Users
Keywords: has-patch needs-refresh
Focuses:
Cc:

Description

This is similar to #21495 but not identical.

Passing wp_insert_user() the following, for example, will cause the user's password to be nullified if the user already exists:

array(6) {
  ["role"]=>
  string(10) "subscriber"
  ["user_login"]=>
  string(15) "test"
  ["user_email"]=>
  string(15) "test@example.com"
  ["first_name"]=>
  string(3) "John"
  ["last_name"]=>
  string(3) "Doe"
  ["ID"]=>
  int(123)
}

I propose changing (found here: http://cspf.co/XvqW)

$user_pass = $userdata['user_pass'];

to this or something similar

$user_pass = (isset($userdata['user_pass']) && !empty($userdata['user_pass']))?$userdata['user_pass']:$old_user_data->user_pass;

Attachments (3)

29880.diff (1.5 KB) - added by leewillis77 6 years ago.
29880.2.diff (1.1 KB) - added by leewillis77 6 years ago.
29880.3.patch (1.1 KB) - added by chriscct7 5 years ago.

Change History (11)

#1 @leewillis77
6 years ago

  • Keywords has-patch added

Attached is a patch, with tests, that implements this behaviour.

@leewillis77
6 years ago

#3 @leewillis77
6 years ago

Hi Sergey,

Thanks for your comment - in that case perhaps deprecating the use case of passing a user ID is the better solution here. Patch attached.

@leewillis77
6 years ago

@chriscct7
5 years ago

#4 @chriscct7
5 years ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 4.4
  • Owner set to chriscct7
  • Status changed from new to accepted

#5 @SergeyBiryukov
5 years ago

Looks like this was a regression in [28454], so 29880.diff might be the way to go.

#6 @SergeyBiryukov
5 years ago

  • Keywords needs-refresh added; commit removed

#7 @wonderboymusic
5 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 35618:

Users: in wp_insert_user(), when a password isn't provided and the user exists, ensure that the password isn't wiped out.

Adds unit test.

Props leewillis77.
Fixes #29880.
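
The failure mode and the fallback proposed in the description, as an added example that is not part of the ticket or of WordPress core. It is a stand-alone PHP model that does not call WordPress; the function names, the in-memory row and the sample hash are constructed for illustration.

```php
<?php
// Stand-alone model of the update branch discussed in this ticket. It does not
// call WordPress; function names and the in-memory row are hypothetical.

// Constructed sample row standing in for the stored user record.
$stored = ['ID' => 123, 'user_login' => 'test', 'user_pass' => '$P$BconstructedSampleHash'];

// Reported behaviour: the update branch takes user_pass from the caller's array
// unconditionally, so a missing key evaluates to null and is written back.
function resolve_pass_before(array $userdata, array $old)
{
    return $userdata['user_pass'] ?? null; // models the unguarded read
}

// Change proposed in the description: fall back to the stored hash when the
// caller supplies no password.
function resolve_pass_after(array $userdata, array $old)
{
    return !empty($userdata['user_pass']) ? $userdata['user_pass'] : $old['user_pass'];
}

// Apply an update as a full-row write: every column, including user_pass.
function apply_update(array $old, array $userdata, callable $resolve): array
{
    $new = array_merge($old, $userdata);
    $new['user_pass'] = $resolve($userdata, $old);
    return $new;
}

// Same shape as the array in the ticket description: existing ID, no user_pass.
$update = ['ID' => 123, 'user_login' => 'test', 'user_email' => 'test@example.com',
           'first_name' => 'John', 'last_name' => 'Doe', 'role' => 'subscriber'];

$before = apply_update($stored, $update, 'resolve_pass_before');
$after  = apply_update($stored, $update, 'resolve_pass_after');

// Compare the stored credential after each variant.
printf("before: %s\n", var_export($before['user_pass'], true));
printf("after:  %s\n", var_export($after['user_pass'], true));
printf("hash preserved: %s\n", var_export($after['user_pass'] === $stored['user_pass'], true));

// A caller that does supply a password still has it stored.
$changed = apply_update($stored, $update + ['user_pass' => 'constructed-new-value'], 'resolve_pass_after');
printf("explicit change: %s\n", var_export($changed['user_pass'], true));
```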

#8 @SergeyBiryukov
5 years ago

In 35732:

Users: Move the tests added in [35116] and [35618] to a more appropriate place and give them a better name.

See #28435, #29880.
