Users: in wp_insert_user(), when a password isn't provided and the user exists, ensure that the password isn't wiped out.

Adds unit test.

Props leewillis77.
Fixes #29880.


git-svn-id: https://develop.svn.wordpress.org/trunk@35618 602fd350-edb4-49c9-b593-d223f7449a82

src/wp-includes/user-functions.php

@@ -1287,7 +1287,7 @@ function wp_insert_user( $userdata ) {
 		}
 
 		// hashed in wp_update_user(), plaintext if called directly
-		$user_pass = $userdata['user_pass'];
+		$user_pass = ! empty( $userdata['user_pass'] ) ? $userdata['user_pass'] : $old_user_data->user_pass;
 	} else {
 		$update = false;
 		// Hash the password
@@ -1330,7 +1330,7 @@ function wp_insert_user( $userdata ) {
 	 */
 	if ( in_array( $user_login, apply_filters( 'illegal_user_logins', array() ) ) ) {
 		return new WP_Error( 'illegal_user_login', __( 'Sorry, that username is not allowed.' ) );
-	}	
+	}
 
 	/*
 	 * If a nicename is provided, remove unsafe user characters before using it.

tests/phpunit/tests/user.php

@@ -1013,4 +1013,26 @@ class Tests_User extends WP_UnitTestCase {
 		$pwd_after = get_userdata( $testuserid )->user_pass;
 		$this->assertEquals( $pwd_before, $pwd_after );
 	}
+
+ 	/**
+	 * @ticket 29880
+	 */
+	function test_wp_insert_user() {
+		$user_details = array(
+			'user_login' => rand_str(),
+			'user_pass' => 'password',
+			'user_email' => rand_str() . '@example.com',
+		);
+		$id1 = wp_insert_user( $user_details );
+		$this->assertEquals( $id1, email_exists( $user_details['user_email'] ) );
+
+		// Check that providing an empty password doesn't remove a user's password.
+		// See ticket #29880
+		$user_details['ID'] = $id1;
+		$user_details['user_pass'] = '';
+		$id1 = wp_insert_user( $user_details );
+		$user = WP_User::get_data_by( 'id', $id1 );
+		$this->assertNotEmpty( $user->user_pass );
+	}
+
 }