Users: In `edit_user()` check for a blank password when adding a user.
Props wesleye, gitlost, adamsilverstein. Fixes #35715. git-svn-id: https://develop.svn.wordpress.org/trunk@37059 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Dominik Schilling (ocean90)
parent
2a8573c6ca
commit
6c0a66cf49
|
|
@ -113,7 +113,6 @@ function edit_user( $user_id = 0 ) {
|
|||
$errors->add( 'nickname', __( '<strong>ERROR</strong>: Please enter a nickname.' ) );
|
||||
}
|
||||
|
||||
/* checking the password has been typed twice */
|
||||
/**
|
||||
* Fires before the password and confirm password fields are checked for congruity.
|
||||
*
|
||||
|
|
@ -125,13 +124,20 @@ function edit_user( $user_id = 0 ) {
|
|||
*/
|
||||
do_action_ref_array( 'check_passwords', array( $user->user_login, &$pass1, &$pass2 ) );
|
||||
|
||||
/* Check for "\" in password */
|
||||
if ( false !== strpos( wp_unslash( $pass1 ), "\\" ) )
|
||||
$errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );
|
||||
// Check for blank password when adding a user.
|
||||
if ( ! $update && empty( $pass1 ) ) {
|
||||
$errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter a password.' ), array( 'form-field' => 'pass1' ) );
|
||||
}
|
||||
|
||||
/* checking the password has been typed twice the same */
|
||||
if ( $pass1 != $pass2 )
|
||||
// Check for "\" in password.
|
||||
if ( false !== strpos( wp_unslash( $pass1 ), "\\" ) ) {
|
||||
$errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );
|
||||
}
|
||||
|
||||
// Checking the password has been typed twice the same.
|
||||
if ( ( $update || ! empty( $pass1 ) ) && $pass1 != $pass2 ) {
|
||||
$errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter the same password in both password fields.' ), array( 'form-field' => 'pass1' ) );
|
||||
}
|
||||
|
||||
if ( !empty( $pass1 ) )
|
||||
$user->user_pass = $pass1;
|
||||
|
|
|
|||
|
|
@ -1132,4 +1132,71 @@ class Tests_User extends WP_UnitTestCase {
|
|||
$this->assertTrue( $was_admin_email_sent );
|
||||
$this->assertFalse( $was_user_email_sent );
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks that calling edit_user() with no password returns an error when adding, and doesn't when updating.
|
||||
*
|
||||
* @ticket 35715
|
||||
*/
|
||||
function test_edit_user_blank_pw() {
|
||||
$_POST = $_GET = $_REQUEST = array();
|
||||
$_POST['role'] = 'subscriber';
|
||||
$_POST['email'] = 'user1@example.com';
|
||||
$_POST['user_login'] = 'user_login1';
|
||||
$_POST['first_name'] = 'first_name1';
|
||||
$_POST['last_name'] = 'last_name1';
|
||||
$_POST['nickname'] = 'nickname1';
|
||||
$_POST['display_name'] = 'display_name1';
|
||||
|
||||
// Check new user with missing password.
|
||||
$response = edit_user();
|
||||
|
||||
$this->assertInstanceOf( 'WP_Error', $response );
|
||||
$this->assertEquals( 'pass', $response->get_error_code() );
|
||||
|
||||
// Check new user with password set.
|
||||
$_POST['pass1'] = $_POST['pass2'] = 'password';
|
||||
|
||||
$user_id = edit_user();
|
||||
$user = get_user_by( 'ID', $user_id );
|
||||
|
||||
$this->assertInternalType( 'int', $user_id );
|
||||
$this->assertInstanceOf( 'WP_User', $user );
|
||||
$this->assertEquals( 'nickname1', $user->nickname );
|
||||
|
||||
// Check updating user with empty password.
|
||||
$_POST['nickname'] = 'nickname_updated';
|
||||
$_POST['pass1'] = $_POST['pass2'] = '';
|
||||
|
||||
$user_id = edit_user( $user_id );
|
||||
|
||||
$this->assertInternalType( 'int', $user_id );
|
||||
$this->assertEquals( 'nickname_updated', $user->nickname );
|
||||
|
||||
// Check updating user with missing second password.
|
||||
$_POST['nickname'] = 'nickname_updated2';
|
||||
$_POST['pass1'] = 'blank_pass2';
|
||||
$_POST['pass2'] = '';
|
||||
|
||||
$response = edit_user( $user_id );
|
||||
|
||||
$this->assertInstanceOf( 'WP_Error', $response );
|
||||
$this->assertEquals( 'pass', $response->get_error_code() );
|
||||
$this->assertEquals( 'nickname_updated', $user->nickname );
|
||||
|
||||
// Check updating user with empty password via `check_passwords` action.
|
||||
add_action( 'check_passwords', array( $this, 'action_check_passwords_blank_pw' ), 10, 2 );
|
||||
$user_id = edit_user( $user_id );
|
||||
remove_action( 'check_passwords', array( $this, 'action_check_passwords_blank_pw' ) );
|
||||
|
||||
$this->assertInternalType( 'int', $user_id );
|
||||
$this->assertEquals( 'nickname_updated2', $user->nickname );
|
||||
}
|
||||
|
||||
/**
|
||||
* Check passwords action for test_edit_user_blank_pw().
|
||||
*/
|
||||
function action_check_passwords_blank_pw( $user_login, &$pass1 ) {
|
||||
$pass1 = '';
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue