[wp-trac] [WordPress Trac] #13351: Auto-generated Password Nag
WordPress Trac
wp-trac at lists.automattic.com
Wed Aug 15 00:27:54 UTC 2012
#13351: Auto-generated Password Nag
----------------------------+-----------------------
Reporter: battis | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 3.5
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: has-patch |
----------------------------+-----------------------
Changes (by SergeyBiryukov):
* keywords: reporter-feedback => has-patch
* version: 3.4.1 =>
* milestone: => 3.5
Comment:
The latest bug was introduced in [21376].
Now that `get_userdata()` returns existing data for current user,
`default_password_nag_edit_user()` compares the old password to itself and
fails to delete the `default_password_nag` option: [[BR]]
http://core.trac.wordpress.org/browser/trunk/wp-
admin/includes/user.php?rev=21496#L334
`wp_generate_auth_cookie()` (called via `wp_update_user())` also receives
the old data, which causes it to create cookies for the old password and
leads to logout: [[BR]]
http://core.trac.wordpress.org/browser/trunk/wp-
includes/pluggable.php#L581
[attachment:13351.patch] replaces `get_userdata()` with `new WP_User()` in
those two places. An alternative would probably be to check if `$_POST`
(or a specific key) is empty in `get_user_by()`.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13351#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list