[wp-trac] [WordPress Trac] #19261: wp_update_user causes password to be double hashed
WordPress Trac
wp-trac at lists.automattic.com
Wed Nov 16 13:14:28 UTC 2011
#19261: wp_update_user causes password to be double hashed
--------------------------+-----------------------------
Reporter: WPsites | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 3.3
Severity: normal | Keywords:
--------------------------+-----------------------------
If you use [http://core.trac.wordpress.org/browser/trunk/wp-
includes/user.php#L1400 wp_update_user] to insert/update a user and you
pass in the users password (user_pass) then the password gets hashed in
wp_update_user and then gets hashed again when wp_insert_user is called
further down.
So I think line 1419 of /wp-includes/user.php needs to be removed as not
not hash the password.
In fact what is the point of wp_update_user? when wp_insert_user seems to
do exactly the same thing CORRECTLY.
This is the same for all versions of WordPress since 2.0 I reckon.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19261>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list