diff --git a/src/js/_enqueues/admin/user-profile.js b/src/js/_enqueues/admin/user-profile.js index b73f2ab5c4..ef3e1afcc9 100644 --- a/src/js/_enqueues/admin/user-profile.js +++ b/src/js/_enqueues/admin/user-profile.js @@ -215,7 +215,7 @@ var pass1 = $('#pass1').val(), strength; $('#pass-strength-result').removeClass('short bad good strong empty'); - if ( ! pass1 ) { + if ( ! pass1 || '' === pass1.trim() ) { $( '#pass-strength-result' ).addClass( 'empty' ).html( ' ' ); return; } diff --git a/src/wp-admin/includes/user.php b/src/wp-admin/includes/user.php index de7cb989c1..5fbfd9f9b4 100644 --- a/src/wp-admin/includes/user.php +++ b/src/wp-admin/includes/user.php @@ -47,10 +47,10 @@ function edit_user( $user_id = 0 ) { $pass1 = ''; $pass2 = ''; if ( isset( $_POST['pass1'] ) ) { - $pass1 = $_POST['pass1']; + $pass1 = trim( $_POST['pass1'] ); } if ( isset( $_POST['pass2'] ) ) { - $pass2 = $_POST['pass2']; + $pass2 = trim( $_POST['pass2'] ); } if ( isset( $_POST['role'] ) && current_user_can( 'promote_users' ) && ( ! $user_id || current_user_can( 'promote_user', $user_id ) ) ) { diff --git a/tests/phpunit/tests/user.php b/tests/phpunit/tests/user.php index b9d93325aa..c7a237c4d0 100644 --- a/tests/phpunit/tests/user.php +++ b/tests/phpunit/tests/user.php @@ -1451,6 +1451,7 @@ class Tests_User extends WP_UnitTestCase { * Checks that calling edit_user() with no password returns an error when adding, and doesn't when updating. * * @ticket 35715 + * @ticket 42766 */ function test_edit_user_blank_pw() { $_POST = array(); @@ -1491,6 +1492,18 @@ class Tests_User extends WP_UnitTestCase { $this->assertInternalType( 'int', $user_id ); $this->assertSame( 'nickname_updated', $user->nickname ); + // Check not to change an old password if a new password contains only spaces. Ticket #42766 + $user = get_user_by( 'ID', $user_id ); + $old_pass = $user->user_pass; + $_POST['pass2'] = ' '; + $_POST['pass1'] = ' '; + + $user_id = edit_user( $user_id ); + $user = get_user_by( 'ID', $user_id ); + + $this->assertInternalType( 'int', $user_id ); + $this->assertEquals( $old_pass, $user->user_pass ); + // Check updating user with missing second password. $_POST['nickname'] = 'nickname_updated2'; $_POST['pass1'] = 'blank_pass2';