[wp-trac] [WordPress Trac] #35715: edit_user() doesn't check for empty password (pass1).

WordPress Trac noreply at wordpress.org
Tue Mar 22 16:21:36 UTC 2016

#35715: edit_user() doesn't check for empty password (pass1).
 Reporter:  gitlost                              |       Owner:
     Type:  defect (bug)                         |  SergeyBiryukov
 Priority:  normal                               |      Status:  reviewing
Component:  Users                                |   Milestone:  4.5
 Severity:  normal                               |     Version:  4.4
 Keywords:  good-first-bug has-patch has-        |  Resolution:
  screenshots                                    |     Focuses:
Changes (by adamsilverstein):

 * keywords:  needs-testing good-first-bug has-patch => good-first-bug has-
     patch has-screenshots


 I tested this patch and verified it fixes the issue (turning off
 JavaScript lets you test this using the normal admin screens). Before this
 patch, you can create users with a blank password. That seems bad.

 Once the patch is applied, trying to create a user with a blank password
 throws an error. I also tested editing an existing user (leaving the
 password blank) without a problem. I also verified I can create a user
 with the password `0` and `000`, both worked fine.


Ticket URL: <https://core.trac.wordpress.org/ticket/35715#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list