[wp-trac] [WordPress Trac] #35715: edit_user() doesn't check for empty password (pass1).
WordPress Trac
noreply at wordpress.org
Tue Mar 22 21:27:02 UTC 2016
#35715: edit_user() doesn't check for empty password (pass1).
-------------------------------------------------+-------------------------
Reporter: gitlost | Owner: ocean90
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 4.5
Component: Users | Version: 4.4
Severity: normal | Resolution:
Keywords: good-first-bug has-patch has- | Focuses:
screenshots |
-------------------------------------------------+-------------------------
Comment (by ocean90):
Replying to [comment:20 adamsilverstein]:
> Replying to [comment:16 gitlost]:
> > Also just noticed the test for `! isset( $pass1 )` isn't needed here
as `$pass1` is always set.
>
> Are we checking elsewhere? are you certain this will always be set?
`$pass1` is initialized via `$pass1 = $pass2 = '';`. Even if you have a
callback for the `check_passwords` which does `unset( $pass1 )` it still
will be set.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35715#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list