Make WordPress Core

Opened 10 years ago

Closed 9 years ago

Last modified 9 years ago

#29880 closed defect (bug) (fixed)

wp_insert_user() wiping out user_pass when one isn't provided and the user exists

Reported by: cartpauj Owned by: chriscct7
Milestone: 4.4 Priority: normal
Severity: normal Version: 4.0
Component: Users Keywords: has-patch needs-refresh
Focuses: Cc:


This is similar to #21495 but not identical.

Passing wp_insert_user() the following, for example, will cause the user's password to be nullified if the user already exists:

array(6) {
  string(10) "subscriber"
  string(15) "test"
  string(15) ""
  string(3) "John"
  string(3) "Doe"

I propose changing (found here:

$user_pass = $userdata['user_pass'];

to this or something similar

$user_pass = (isset($userdata['user_pass']) && !empty($userdata['user_pass']))?$userdata['user_pass']:$old_user_data->user_pass;
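The behaviour reported above and the proposed guard, side by side, as an added example that is not part of the original ticket and is not WordPress core code. The function names, the in-memory `$table` standing in for the users table, and the sample user are all assumptions made for illustration.

```php
<?php
// Simplified stand-in for the update branch of wp_insert_user(); not WordPress core code.

/** Reported behaviour: on update, the stored hash is overwritten with whatever was passed. */
function model_insert_user_reported( array &$table, array $userdata ): int {
    $id        = $userdata['ID'];
    $user_pass = $userdata['user_pass'] ?? null; // missing or '' on a profile-only update
    $table[ $id ] = array_merge( $table[ $id ], $userdata, [ 'user_pass' => $user_pass ] );
    return $id;
}

/** Proposed behaviour: an empty or missing password on update keeps the existing hash. */
function model_insert_user_fixed( array &$table, array $userdata ): int {
    $id        = $userdata['ID'];
    $old       = $table[ $id ];
    $user_pass = ! empty( $userdata['user_pass'] ) ? $userdata['user_pass'] : $old['user_pass'];
    $table[ $id ] = array_merge( $old, $userdata, [ 'user_pass' => $user_pass ] );
    return $id;
}

/** Regression check: a profile-only update must leave the stored hash unchanged and usable. */
function hash_survives_update( callable $insert, array $userdata ): bool {
    // Constructed sample row; the ID, login and password are made up for this example.
    $table = [ 7 => [
        'ID'         => 7,
        'user_login' => 'test',
        'user_pass'  => password_hash( 'constructed-sample-pw', PASSWORD_DEFAULT ),
        'first_name' => '',
        'last_name'  => '',
    ] ];
    $before = $table[7]['user_pass'];
    $insert( $table, $userdata );
    return $table[7]['user_pass'] === $before
        && password_verify( 'constructed-sample-pw', $table[7]['user_pass'] );
}

// Both shapes a caller can send when it only wants to change profile fields.
$cases = [
    'user_pass omitted' => [ 'ID' => 7, 'first_name' => 'John', 'last_name' => 'Doe' ],
    'user_pass empty'   => [ 'ID' => 7, 'user_pass' => '', 'first_name' => 'John', 'last_name' => 'Doe' ],
];
foreach ( $cases as $label => $data ) {
    printf( "%-18s reported: %-5s fixed: %s\n", $label,
        hash_survives_update( 'model_insert_user_reported', $data ) ? 'kept' : 'WIPED',
        hash_survives_update( 'model_insert_user_fixed', $data ) ? 'kept' : 'WIPED' );
}
```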

Attachments (3)

29880.diff (1.5 KB) - added by leewillis77 10 years ago.
29880.2.diff (1.1 KB) - added by leewillis77 10 years ago.
29880.3.patch (1.1 KB) - added by chriscct7 9 years ago.

Change History (11)

#1 @leewillis77
10 years ago

  • Keywords has-patch added

Attached is a patch, with tests, that implements this behaviour.

#3 @leewillis77
10 years ago

Hi Sergey,

Thanks for your comment - in that case perhaps deprecating the use case of passing a user ID is the better solution here. Patch attached.

#4 @chriscct7
9 years ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 4.4
  • Owner set to chriscct7
  • Status changed from new to accepted

#5 @SergeyBiryukov
9 years ago

Looks like this was a regression in [28454], so 29880.diff might be the way to go.

#6 @SergeyBiryukov
9 years ago

  • Keywords needs-refresh added; commit removed

#7 @wonderboymusic
9 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 35618:

Users: in wp_insert_user(), when a password isn't provided and the user exists, ensure that the password isn't wiped out.

Adds unit test.

Props leewillis77.
Fixes #29880.

#8 @SergeyBiryukov
9 years ago

In 35732:

Users: Move the tests added in [35116] and [35618] to a more appropriate place and give them a better name.

See #28435, #29880.
