[wp-trac] [WordPress Trac] #35715: edit_user() doesn't check for empty password (pass1).
WordPress Trac
noreply at wordpress.org
Tue Mar 22 16:21:36 UTC 2016
#35715: edit_user() doesn't check for empty password (pass1).
-------------------------------------------------+-------------------------
Reporter: gitlost | Owner:
Type: defect (bug) | SergeyBiryukov
Priority: normal | Status: reviewing
Component: Users | Milestone: 4.5
Severity: normal | Version: 4.4
Keywords: good-first-bug has-patch has- | Resolution:
screenshots | Focuses:
-------------------------------------------------+-------------------------
Changes (by adamsilverstein):
* keywords: needs-testing good-first-bug has-patch => good-first-bug has-
patch has-screenshots
Comment:
I tested this patch and verified it fixes the issue (turning off
JavaScript lets you test this using the normal admin screens). Before this
patch, you can create users with a blank password. That seems bad.
Once the patch is applied, trying to create a user with a blank password
throws an error. I also tested editing an existing user (leaving the
password blank) without a problem. I also verified I can create a user
with the password `0` and `000`, both worked fine.
Screenshot:
[[Image(http://cl.ly/432d3F1H0n3y/Add_New_User__10up_BUC__WordPress_2016-03-22_10-15-33.jpg)]]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35715#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list