[wp-trac] [WordPress Trac] #35715: edit_user() doesn't check for empty password (pass1).

WordPress Trac noreply at wordpress.org
Tue Mar 1 10:56:51 UTC 2016


#35715: edit_user() doesn't check for empty password (pass1).
-------------------------------------------------+-------------------------
 Reporter:  gitlost                              |       Owner:
     Type:  defect (bug)                         |  SergeyBiryukov
 Priority:  normal                               |      Status:  reviewing
Component:  Users                                |   Milestone:  4.5
 Severity:  normal                               |     Version:  4.4
 Keywords:  needs-testing good-first-bug has-    |  Resolution:
  patch                                          |     Focuses:
-------------------------------------------------+-------------------------

Comment (by gitlost):

 Good point, and there's a load of other `empty()` tests in there that have
 the same issue. Not sure what the correct thing to do is - I suppose
 change the `pass1` check to do the right thing? (The others could then be
 fixed in a separate ticket - along with `user_login`, which does do an
 exact match but fails to do a `! isset()` first, leading to a PHP
 warning.)

 Re coding style there should be a
 [https://make.wordpress.org/core/handbook/best-practices/coding-
 standards/php/#space-usage space] before the `$update`, and after opening
 and before closing round brackets in the errors add bit...

--
Ticket URL: <https://core.trac.wordpress.org/ticket/35715#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list