From 688c155dd8e576e0078a771495d5ae124baf053c Mon Sep 17 00:00:00 2001 From: Scott Taylor Date: Wed, 11 Nov 2015 22:30:27 +0000 Subject: [PATCH] Users: in `wp_insert_user()`, when a password isn't provided and the user exists, ensure that the password isn't wiped out. Adds unit test. Props leewillis77. Fixes #29880. git-svn-id: https://develop.svn.wordpress.org/trunk@35618 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/user-functions.php | 4 ++-- tests/phpunit/tests/user.php | 22 ++++++++++++++++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/src/wp-includes/user-functions.php b/src/wp-includes/user-functions.php index 36c245d7ae..89ee9c8574 100644 --- a/src/wp-includes/user-functions.php +++ b/src/wp-includes/user-functions.php @@ -1287,7 +1287,7 @@ function wp_insert_user( $userdata ) { } // hashed in wp_update_user(), plaintext if called directly - $user_pass = $userdata['user_pass']; + $user_pass = ! empty( $userdata['user_pass'] ) ? $userdata['user_pass'] : $old_user_data->user_pass; } else { $update = false; // Hash the password @@ -1330,7 +1330,7 @@ function wp_insert_user( $userdata ) { */ if ( in_array( $user_login, apply_filters( 'illegal_user_logins', array() ) ) ) { return new WP_Error( 'illegal_user_login', __( 'Sorry, that username is not allowed.' ) ); - } + } /* * If a nicename is provided, remove unsafe user characters before using it. diff --git a/tests/phpunit/tests/user.php b/tests/phpunit/tests/user.php index c70aa970a0..e3525dffae 100644 --- a/tests/phpunit/tests/user.php +++ b/tests/phpunit/tests/user.php 
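Review bot: The comment above the changed assignment still reads only `// hashed in wp_update_user(), plaintext if called directly` and does not mention that an empty value now falls back to `$old_user_data->user_pass`. I would extend it to something like `// Hashed in wp_update_user(), plaintext if called directly; an empty value keeps the stored password.` so direct callers know that an empty password is a silent no-op rather than an error. Note also that `empty()` treats the string `'0'` as missing, so such a value would be replaced by the old one without any signal; `isset( $userdata['user_pass'] ) && '' !== $userdata['user_pass']` is stricter if that distinction matters. The body of wp_insert_user() starts and ends outside this hunk, so where `$old_user_data` is loaded is not visible here.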
@@ -1013,4 +1013,26 @@ class Tests_User extends WP_UnitTestCase { $pwd_after = get_userdata( $testuserid )->user_pass; $this->assertEquals( $pwd_before, $pwd_after ); } + + /** + * @ticket 29880 + */ + function test_wp_insert_user() { + $user_details = array( + 'user_login' => rand_str(), + 'user_pass' => 'password', + 'user_email' => rand_str() . '@example.com', + ); + $id1 = wp_insert_user( $user_details ); + $this->assertEquals( $id1, email_exists( $user_details['user_email'] ) ); + + // Check that providing an empty password doesn't remove a user's password. + // See ticket #29880 + $user_details['ID'] = $id1; + $user_details['user_pass'] = ''; + $id1 = wp_insert_user( $user_details ); + $user = WP_User::get_data_by( 'id', $id1 ); + $this->assertNotEmpty( $user->user_pass ); + } + }
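Review bot: The final `assertNotEmpty( $user->user_pass )` in test_wp_insert_user() only shows that some value is stored, not that the original hash survived the second wp_insert_user() call. Capturing the hash before the update, `$pwd_before = WP_User::get_data_by( 'id', $id1 )->user_pass;`, and ending with `$this->assertEquals( $pwd_before, $user->user_pass );` would pin the behaviour the commit message describes, the same way the preceding test compares `$pwd_before` with `$pwd_after`. A second case with the `user_pass` key removed from `$user_details` altogether would cover the "isn't provided" path as well as the empty-string one.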