From fc1438c8bc7e6e494ee1ea0d8261a34ef464b8b7 Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Mon, 7 Oct 2013 13:53:09 +0000
Subject: [PATCH] Move the trim() from wp_set_password() to inside wp_hash_password(). props rpattillo, joehoyle. fixes #24973. see #23494.
git-svn-id: https://develop.svn.wordpress.org/trunk@25709 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/pluggable.php | 4 ++--
 tests/phpunit/tests/auth.php | 28 +++++++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
index a5dfd53496..d75908261e 100644
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1456,7 +1456,7 @@ function wp_hash_password($password) {
 $wp_hasher = new PasswordHash(8, true);
 }
- return $wp_hasher->HashPassword($password);
+ return $wp_hasher->HashPassword( trim( $password ) );
 }
 endif;
@@ -1603,7 +1603,7 @@ if ( !function_exists('wp_set_password') ) :
 function wp_set_password( $password, $user_id ) {
 global $wpdb;
- $hash = wp_hash_password( trim( $password ) );
+ $hash = wp_hash_password( $password );
 $wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) );
 wp_cache_delete($user_id, 'users');
diff --git a/tests/phpunit/tests/auth.php b/tests/phpunit/tests/auth.php
index e304652527..32c679f9be 100644
--- a/tests/phpunit/tests/auth.php
+++ b/tests/phpunit/tests/auth.php
@@ -44,7 +44,7 @@ class Tests_Auth extends WP_UnitTestCase {
 $this->assertEquals( false, wp_validate_auth_cookie( $cookie, 'bar' ) );
 }
- /*
+ /**
 * @ticket 23494
 */
 function test_password_trimming() {
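Review bot: The doc comment of wp_hash_password(), which starts above the first pluggable.php hunk, should state that the plain-text value is now trimmed before it is hashed, because any caller that verifies a password later has to hand wp_check_password() a value trimmed the same way; wp_check_password() is not part of this diff, so whether it trims cannot be seen here. A suggested docblock line is `* Leading and trailing whitespace is stripped from $password before hashing.` It is also worth recording that `trim()` with its default character list removes tabs, newlines, vertical tabs and NUL bytes as well as spaces, and that a whitespace-only password is therefore hashed as the empty string. The same applies to the second pluggable.php hunk, where wp_set_password() now relies on this trimming instead of doing its own.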
@@ -65,4 +65,30 @@ class Tests_Auth extends WP_UnitTestCase {
 $this->assertEquals( $another_user, $authed_user->ID );
 }
 }
+
+ /**
+ * Test wp_hash_password trims whitespace
+ *
+ * This is similar to test_password_trimming but tests the "lower level"
+ * wp_hash_password function
+ *
+ * @ticket 24973
+ */
+ function test_wp_hash_password_trimming() {
+
+ $password = ' pass with leading whitespace';
+ $this->assertTrue( wp_check_password( 'pass with leading whitespace', wp_hash_password( $password ) ) );
+
+ $password = 'pass with trailing whitespace ';
+ $this->assertTrue( wp_check_password( 'pass with trailing whitespace', wp_hash_password( $password ) ) );
+
+ $password = ' pass with whitespace ';
+ $this->assertTrue( wp_check_password( 'pass with whitespace', wp_hash_password( $password ) ) );
+
+ $password = "pass with new line \n";
+ $this->assertTrue( wp_check_password( 'pass with new line', wp_hash_password( $password ) ) );
+
+ $password = "pass with vertial tab o_O\x0B";
+ $this->assertTrue( wp_check_password( 'pass with vertial tab o_O', wp_hash_password( $password ) ) );
+ }
 }
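Review bot: Every assertion in test_wp_hash_password_trimming() passes the already-trimmed plain text to wp_check_password(), so the test never pins what happens when the untrimmed value is checked against the hash. Since wp_check_password() is not shown in this diff, I would add one assertion with the untrimmed value on the check side, e.g. `$this->assertSame( $expected, wp_check_password( ' pass with whitespace ', wp_hash_password( ' pass with whitespace ' ) ) );`, with `$expected` set to whichever result is intended. A case showing that interior whitespace is preserved, and one for a whitespace-only password, would document the remaining edges of `trim()`.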