[wp-trac] [WordPress Trac] #21495: wp_insert_user allows a user to be created with empty passwords
WordPress Trac
noreply at wordpress.org
Sun Aug 25 19:15:49 UTC 2013
#21495: wp_insert_user allows a user to be created with empty passwords
-------------------------------------+------------------------------
Reporter: ancawonka | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version:
Severity: minor | Resolution:
Keywords: has-patch needs-testing |
-------------------------------------+------------------------------
Changes (by cklosows):
* cc: cklosowski@… (added)
* keywords: needs-refresh => has-patch needs-testing
Comment:
Here's a refresh, also added a {{{ trim() }}} check. This way even if the
password is all spaces, it'll validate against empty. Without this I could
use wp_insert_user with a string of spaces to insert a user with a 'blank'
password. The user can't login either with this either.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21495#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list