Skip to content

Commit 6d9f8fa

Browse files
peterwilsonccpeterwilsoncc
committed
Users: Throw specific warning when wp_insert_user() called without user_pass.
Modifies `wp_insert_user()` to throw the warning `The user_pass field is required when creating a new user. The user will need to reset their password before logging in.` when called without the `user_pass` argument defined. This avoids a mix of warnings being thrown depending on the version of PHP the system is running on, anywhere between zero and three. To retain backward compatibility the user is created with an empty password. As WordPress does not accept an empty password during authentication, this will require the newly created user complete the password reset process. Props dd32, hbhalodia, iamadisingh, mindctrl, rollybueno, sheldorofazeroth, shilpaashokan94 Fixes #63770. git-svn-id: https://develop.svn.wordpress.org/trunk@60650 602fd350-edb4-49c9-b593-d223f7449a82
1 parent 2ac68e9 commit 6d9f8fa

File tree

2 files changed

+14
-2
lines changed

2 files changed

+14
-2
lines changed

src/wp-includes/user.php

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2221,6 +2221,18 @@ function wp_insert_user( $userdata ) {
22212221
$user_pass = ! empty( $userdata['user_pass'] ) ? $userdata['user_pass'] : $old_user_data->user_pass;
22222222
} else {
22232223
$update = false;
2224+
2225+
if ( empty( $userdata['user_pass'] ) ) {
2226+
wp_trigger_error(
2227+
__FUNCTION__,
2228+
__( 'The user_pass field is required when creating a new user. The user will need to reset their password before logging in.' ),
2229+
E_USER_WARNING
2230+
);
2231+
2232+
// Set the password as an empty string to force the password reset flow.
2233+
$userdata['user_pass'] = '';
2234+
}
2235+
22242236
// Hash the password.
22252237
$user_pass = wp_hash_password( $userdata['user_pass'] );
22262238
}

tests/phpunit/tests/user/slashes.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -154,7 +154,7 @@ public function test_wp_insert_user() {
154154
'nickname' => self::SLASH_5,
155155
'display_name' => self::SLASH_7,
156156
'description' => self::SLASH_3,
157-
'user_pass' => '',
157+
'user_pass' => 'password',
158158
)
159159
);
160160
$user = get_user_to_edit( $user_id );
@@ -175,7 +175,7 @@ public function test_wp_insert_user() {
175175
'nickname' => self::SLASH_6,
176176
'display_name' => self::SLASH_2,
177177
'description' => self::SLASH_4,
178-
'user_pass' => '',
178+
'user_pass' => 'password',
179179
)
180180
);
181181
$user = get_user_to_edit( $user_id );

0 commit comments

Comments
 (0)