mirror of
https://github.com/gosticks/wordpress-develop.git
synced 2026-07-04 09:10:06 +00:00
Users: when passing a WP_User instance to wp_update_user(), ensure that the user password is not accidentally double-hashed. This is terrifying.
Adds unit tests. Props tbcorr, salcode. Fixes #28435. git-svn-id: https://develop.svn.wordpress.org/trunk@35116 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
@@ -954,4 +954,18 @@ class Tests_User extends WP_UnitTestCase {
|
||||
|
||||
wp_new_user_notification( $user, 'this_is_deprecated' );
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 28435
|
||||
*/
|
||||
function test_wp_update_user_no_change_pwd() {
|
||||
$testuserid = 1;
|
||||
$user = get_userdata( $testuserid );
|
||||
$pwd_before = $user->user_pass;
|
||||
wp_update_user( $user );
|
||||
|
||||
// Reload the data
|
||||
$pwd_after = get_userdata( $testuserid )->user_pass;
|
||||
$this->assertEquals( $pwd_before, $pwd_after );
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user