Login, Registration: Prevent password reset to whitespace alone.
Prevent users from using the password reset form to set their password to whitespace alone (tabs, spaces). This matches the processing used during the authentication flow, ensuring users do not inadvertently get locked out of their account. Props antonrinas, swissspidy, voldemortensen, hellofromTonya, henry.wright, costdev. Fixes #35500. Built from https://develop.svn.wordpress.org/trunk@53067 git-svn-id: http://core.svn.wordpress.org/trunk@52656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
f908c6e495
commit
d4f060b216
|
@ -16,7 +16,7 @@
|
|||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '6.0-alpha-53066';
|
||||
$wp_version = '6.0-alpha-53067';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
|
12
wp-login.php
12
wp-login.php
|
@ -904,7 +904,17 @@ switch ( $action ) {
|
|||
|
||||
$errors = new WP_Error();
|
||||
|
||||
if ( isset( $_POST['pass1'] ) && $_POST['pass1'] !== $_POST['pass2'] ) {
|
||||
// Check if password is one or all empty spaces.
|
||||
if ( ! empty( $_POST['pass1'] ) ) {
|
||||
$_POST['pass1'] = trim( $_POST['pass1'] );
|
||||
|
||||
if ( empty( $_POST['pass1'] ) ) {
|
||||
$errors->add( 'password_reset_empty_space', __( 'The password cannot be a space or all spaces.' ) );
|
||||
}
|
||||
}
|
||||
|
||||
// Check if password fields do not match.
|
||||
if ( ! empty( $_POST['pass1'] ) && $_POST['pass1'] !== trim( $_POST['pass2'] ) ) {
|
||||
$errors->add( 'password_reset_mismatch', __( '<strong>Error</strong>: The passwords do not match.' ) );
|
||||
}
|
||||
|
||||
|
|
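Review bot: The new `trim( $_POST['pass1'] )` and `trim( $_POST['pass2'] )` calls in wp-login.php run on request data whose type and presence are not checked. The removed condition only compared the two fields with `!==`, which tolerates any type. With `trim()`, a `pass1` submitted as an array raises a TypeError on PHP 8, and a missing `pass2` produces an undefined-key warning plus a null-to-`trim()` deprecation on PHP 8.1. I would normalise both fields once before the checks, e.g. `$pass1 = ( isset( $_POST['pass1'] ) && is_string( $_POST['pass1'] ) ) ? trim( $_POST['pass1'] ) : '';` and the same for `pass2`, then compare the two locals. Separately, `empty()` is also true for the string `'0'`, so that value skips both the whitespace check and the mismatch check; a strict `'' !== $pass1` comparison would say what is meant. The enclosing `switch ( $action )` case starts and ends outside this hunk, so whether later code re-validates `pass1` before the reset cannot be seen here.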