sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Users: prevent saving empty passwords, trim space from password ends on save.

Browse Source 
Fix an issue where users could save a password with only spaces, or spaces at the beginning or end of their password, preventing them from logging in.

Props ronakganatra, 1naveengiri, ajensen, oolleegg55, bookdude13, nrqsnchz, aristath.
Fixes #42766.



git-svn-id: https://develop.svn.wordpress.org/trunk@49118 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Adam Silverstein 2020-10-10 16:49:35 +00:00
parent ac0e283045
commit 4f3c9c1f30
3 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/js/_enqueues/admin/user-profile.js
View File

@ -215,7 +215,7 @@
var pass1 = $('#pass1').val(), strength; var pass1 = $('#pass1').val(), strength;
$('#pass-strength-result').removeClass('short bad good strong empty'); $('#pass-strength-result').removeClass('short bad good strong empty');
if ( ! pass1 ) { if ( ! pass1 || '' === pass1.trim() ) {
$( '#pass-strength-result' ).addClass( 'empty' ).html( ' ' ); $( '#pass-strength-result' ).addClass( 'empty' ).html( ' ' );
return; return;
} }

4
src/wp-admin/includes/user.php
View File

@ -47,10 +47,10 @@ function edit_user( $user_id = 0 ) {
$pass1 = ''; $pass1 = '';
$pass2 = ''; $pass2 = '';
if ( isset( $_POST['pass1'] ) ) { if ( isset( $_POST['pass1'] ) ) {
$pass1 = $_POST['pass1']; $pass1 = trim( $_POST['pass1'] );
} }
if ( isset( $_POST['pass2'] ) ) { if ( isset( $_POST['pass2'] ) ) {
$pass2 = $_POST['pass2']; $pass2 = trim( $_POST['pass2'] );
} }
if ( isset( $_POST['role'] ) && current_user_can( 'promote_users' ) && ( ! $user_id || current_user_can( 'promote_user', $user_id ) ) ) { if ( isset( $_POST['role'] ) && current_user_can( 'promote_users' ) && ( ! $user_id || current_user_can( 'promote_user', $user_id ) ) ) {

13
tests/phpunit/tests/user.php
View File

@ -1451,6 +1451,7 @@ class Tests_User extends WP_UnitTestCase {
* Checks that calling edit_user() with no password returns an error when adding, and doesn't when updating. * Checks that calling edit_user() with no password returns an error when adding, and doesn't when updating.
* *
* @ticket 35715 * @ticket 35715
* @ticket 42766
*/ */
function test_edit_user_blank_pw() { function test_edit_user_blank_pw() {
$_POST = array(); $_POST = array();
@ -1491,6 +1492,18 @@ class Tests_User extends WP_UnitTestCase {
$this->assertInternalType( 'int', $user_id ); $this->assertInternalType( 'int', $user_id );
$this->assertSame( 'nickname_updated', $user->nickname ); $this->assertSame( 'nickname_updated', $user->nickname );
// Check not to change an old password if a new password contains only spaces. Ticket #42766
$user = get_user_by( 'ID', $user_id );
$old_pass = $user->user_pass;
$_POST['pass2'] = ' ';
$_POST['pass1'] = ' ';
$user_id = edit_user( $user_id );
$user = get_user_by( 'ID', $user_id );
$this->assertInternalType( 'int', $user_id );
$this->assertEquals( $old_pass, $user->user_pass );
// Check updating user with missing second password. // Check updating user with missing second password.
$_POST['nickname'] = 'nickname_updated2'; $_POST['nickname'] = 'nickname_updated2';
$_POST['pass1'] = 'blank_pass2'; $_POST['pass1'] = 'blank_pass2';