[wp-trac] [WordPress Trac] #35715: edit_user() doesn't check for empty password (pass1).

WordPress Trac noreply at wordpress.org
Tue Mar 22 22:10:55 UTC 2016

#35715: edit_user() doesn't check for empty password (pass1).
 Reporter:  gitlost                              |       Owner:  ocean90
     Type:  defect (bug)                         |      Status:  accepted
 Priority:  normal                               |   Milestone:  4.5
Component:  Users                                |     Version:  4.4
 Severity:  normal                               |  Resolution:
 Keywords:  good-first-bug has-patch has-        |     Focuses:
  screenshots                                    |

Comment (by adamsilverstein):

 @ocean90 looks good, thanks for cleaning up the remaining doc blocks. I
 checked the functionality and everything worked fine, i see the error
 message if i try to use a blank password.

 I did notice one unintended consequence of the second password comparison
 change: if i edit an existing user and enter a password only in the pass2
 field, i don't get an error. Not sure if password actually updated, but
 should show an error.

 Conditional should likely be, i tested this, patch incoming:

 `if ( ( $update || strlen( $pass1 ) ) && $pass1 != $pass2 ) {`

Ticket URL: <https://core.trac.wordpress.org/ticket/35715#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list