[wp-trac] [WordPress Trac] #35715: edit_user() doesn't check for empty password (pass1).
WordPress Trac
noreply at wordpress.org
Thu Feb 4 15:42:00 UTC 2016
#35715: edit_user() doesn't check for empty password (pass1).
--------------------------+-----------------------------
Reporter: gitlost | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 4.4
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
This is a follow-up to #33101.
The check for an empty password in `edit_user()` got lost in the wash, so
if you're calling it programmatically you can't rely on it checking your
POST data, which is inconvenient (and causes a PHP undefined index notice
later on `user_pass`). A simple restoration of eg
{{{#!php
if ( empty( $pass1 ) )
$errors->add( 'pass', __( '<strong>ERROR</strong>: Please
enter your password.' ), array( 'form-field' => 'pass1' ) );
}}}
would do it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35715>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list