Login, Registration: Prevent password reset to whitespace alone.

Prevent users from using the password reset form to set their password to whitespace alone (tabs, spaces). This matches the processing used during the authentication flow, ensuring users do not inadvertently get locked out of their account.

Props antonrinas, swissspidy, voldemortensen, hellofromTonya, henry.wright, costdev.
Fixes #35500.



git-svn-id: https://develop.svn.wordpress.org/trunk@53067 602fd350-edb4-49c9-b593-d223f7449a82
Peter Wilson 2022-04-05 03:25:38 +00:00
parent d613ac5555
commit a742b270ff


@ -904,7 +904,17 @@ switch ( $action ) {
$errors = new WP_Error();
if ( isset( $_POST['pass1'] ) && $_POST['pass1'] !== $_POST['pass2'] ) {
// Check if password is one or all empty spaces.
if ( ! empty( $_POST['pass1'] ) ) {
$_POST['pass1'] = trim( $_POST['pass1'] );
if ( empty( $_POST['pass1'] ) ) {
$errors->add( 'password_reset_empty_space', __( 'The password cannot be a space or all spaces.' ) );
}
}
// Check if password fields do not match.
if ( ! empty( $_POST['pass1'] ) && $_POST['pass1'] !== trim( $_POST['pass2'] ) ) {
$errors->add( 'password_reset_mismatch', __( '<strong>Error</strong>: The passwords do not match.' ) );
}
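Review bot: the `empty()` tests on `$_POST['pass1']` misfire for the string "0", which PHP's `empty()` treats as empty. After `trim()`, a submitted value such as " 0 " becomes "0" and receives the 'password_reset_empty_space' error even though it is not all whitespace, and for a pass1 of "0" the guard `! empty( $_POST['pass1'] )` skips the mismatch comparison entirely. Comparing the trimmed value against the empty string (for example `'' === $_POST['pass1']`) would keep the whitespace check precise. Two smaller points: `$_POST['pass2']` is passed to `trim()` in the mismatch check without an `isset()` guard, and the new message omits the `<strong>Error</strong>:` prefix that the mismatch message uses, so the two errors will render inconsistently.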