Ticket #8066: 8066.3.patch
File 8066.3.patch, 10.0 KB (added by , 4 years ago) |
src/bp-members/bp-members-functions.php
diff --git src/bp-members/bp-members-functions.php src/bp-members/bp-members-functions.php index 3574c3eae..29741ebaa 100644
function bp_core_validate_user_signup( $user_name, $user_email ) { 1768 1768 return apply_filters( 'bp_core_validate_user_signup', $result ); 1769 1769 } 1770 1770 1771 /** 1772 * Validate a user password. 1773 * 1774 * @since 7.0.0 1775 * 1776 * @param string $pass The password. 1777 * @param string $confirm_pass The confirmed password. 1778 * @param null|WP_User $userdata Null or the userdata object when a member updates their password from front-end. 1779 * @return WP_Error A WP error object possibly containing error messages. 1780 */ 1781 function bp_members_validate_user_password( $pass, $confirm_pass, $userdata = null ) { 1782 $errors = new WP_Error(); 1783 1784 if ( ! $pass || ! $confirm_pass ) { 1785 $errors->add( 'missing_user_password', __( 'Please make sure you enter your password twice', 'buddypress' ) ); 1786 } 1787 1788 if ( $pass && $confirm_pass && $pass !== $confirm_pass ) { 1789 $errors->add( 'mismatching_user_password', __( 'The passwords you entered do not match.', 'buddypress' ) ); 1790 } 1791 1792 /** 1793 * Filter here to add password validation errors. 1794 * 1795 * @since 7.0.0 1796 * 1797 * @param WP_Error $errors Password validation errors. 1798 * @param string $pass The password. 1799 * @param string $confirm_pass The confirmed password. 1800 * @param null|WP_User $userdata Null or the userdata object when a member updates their password from front-end. 1801 */ 1802 return apply_filters( 'bp_members_validate_user_password', $errors, $pass, $confirm_pass, $userdata ); 1803 } 1804 1771 1805 /** 1772 1806 * Validate blog URL and title provided at signup. 1773 1807 * -
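Review bot: bp_members_validate_user_password() never checks that `$pass` and `$confirm_pass` are strings, although its docblock declares both as `string` and both callers in this patch pass `wp_unslash( $_POST[...] )`, which returns an array when the request field arrives as an array. Two equal non-empty arrays are truthy and are not caught by the `!==` comparison, so no error is added and a callback on the `bp_members_validate_user_password` filter (for example the `strlen()` one in the test file) receives a non-string. Rejecting non-strings in the first condition closes this: `if ( ! is_string( $pass ) || ! is_string( $confirm_pass ) || ! $pass || ! $confirm_pass ) {`. A sentence in the docblock saying that the function only checks presence and equality, and that length or strength rules must come from the filter, would also help.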
src/bp-members/screens/register.php
diff --git src/bp-members/screens/register.php src/bp-members/screens/register.php index 8341f5266..f954f3f41 100644
function bp_core_screen_signup() { 59 59 $account_details = bp_core_validate_user_signup( $_POST['signup_username'], $_POST['signup_email'] ); 60 60 61 61 // If there are errors with account details, set them for display. 62 if ( ! empty( $account_details['errors']->errors['user_name'] ) )62 if ( ! empty( $account_details['errors']->errors['user_name'] ) ) { 63 63 $bp->signup->errors['signup_username'] = $account_details['errors']->errors['user_name'][0]; 64 } 64 65 65 if ( ! empty( $account_details['errors']->errors['user_email'] ) )66 if ( ! empty( $account_details['errors']->errors['user_email'] ) ) { 66 67 $bp->signup->errors['signup_email'] = $account_details['errors']->errors['user_email'][0]; 68 } 67 69 68 // Check that both password fields are filled in. 69 if ( empty( $_POST['signup_password'] ) || empty( $_POST['signup_password_confirm'] ) ) 70 $bp->signup->errors['signup_password'] = __( 'Please make sure you enter your password twice', 'buddypress' ); 70 $signup_pass = ''; 71 if ( isset( $_POST['signup_password'] ) ) { 72 $signup_pass = wp_unslash( $_POST['signup_password'] ); 73 } 71 74 72 // Check that the passwords match. 73 if ( ( !empty( $_POST['signup_password'] ) && !empty( $_POST['signup_password_confirm'] ) ) && $_POST['signup_password'] != $_POST['signup_password_confirm'] ) 74 $bp->signup->errors['signup_password'] = __( 'The passwords you entered do not match.', 'buddypress' ); 75 $signup_pass_confirm = ''; 76 if ( isset( $_POST['signup_password_confirm'] ) ) { 77 $signup_pass_confirm = wp_unslash( $_POST['signup_password_confirm'] ); 78 } 79 80 // Check the account password for problems. 81 $account_password = bp_members_validate_user_password( $signup_pass, $signup_pass_confirm ); 82 $password_error = $account_password->get_error_message(); 83 84 if ( $password_error ) { 85 $bp->signup->errors['signup_password'] = $password_error; 86 } 75 87 76 88 if ( bp_signup_requires_privacy_policy_acceptance() && ! 
empty( $_POST['signup-privacy-policy-check'] ) && empty( $_POST['signup-privacy-policy-accept'] ) ) { 77 89 $bp->signup->errors['signup_privacy_policy'] = __( 'You must indicate that you have read and agreed to the Privacy Policy.', 'buddypress' ); … … function bp_core_screen_signup() { 237 249 */ 238 250 bp_core_load_template( apply_filters( 'bp_core_template_register', array( 'register', 'registration/register' ) ) ); 239 251 } 240 add_action( 'bp_screens', 'bp_core_screen_signup' ); 241 No newline at end of file 252 add_action( 'bp_screens', 'bp_core_screen_signup' ); -
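Review bot: Only one validation message reaches the user, because `$account_password->get_error_message()` with no argument returns a single message. When a callback on the `bp_members_validate_user_password` filter adds a policy error alongside a built-in one, the other is silently dropped and the user has to resubmit to discover it. Consider `$password_error = implode( ' ', $account_password->get_error_messages() );` or looping over the messages. The feedback assignment in src/bp-settings/actions/general.php has the same one-message limit through `get_error_code()` / `get_error_message()`. bp_core_screen_signup() starts and continues outside the visible lines.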
src/bp-settings/actions/general.php
diff --git src/bp-settings/actions/general.php src/bp-settings/actions/general.php index 6de596d6f..10e33acb3 100644
function bp_settings_action_general() { 130 130 131 131 /* Password Change Attempt ***************************************/ 132 132 133 if ( !empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) { 134 135 if ( ( $_POST['pass1'] == $_POST['pass2'] ) && !strpos( " " . wp_unslash( $_POST['pass1'] ), "\\" ) ) { 133 if ( ! empty( $_POST['pass1'] ) && ! empty( $_POST['pass2'] ) ) { 134 $pass = wp_unslash( $_POST['pass1'] ); 135 $pass_confirm = wp_unslash( $_POST['pass2'] ); 136 $pass_error = bp_members_validate_user_password( $pass, $pass_confirm, $update_user ); 136 137 138 if ( ! $pass_error->get_error_message() ) { 137 139 // Password change attempt is successful. 138 if ( ( ! empty( $_POST['pwd'] ) && $_POST['pwd'] != $_POST['pass1']) || is_super_admin() ) {140 if ( ( ! empty( $_POST['pwd'] ) && wp_unslash( $_POST['pwd'] ) !== $pass ) || is_super_admin() ) { 139 141 $update_user->user_pass = $_POST['pass1']; 140 $pass_changed = true; 142 $pass_error = false; 143 $pass_changed = true; 141 144 142 145 // The new password is the same as the current password. 143 146 } else { 144 $pass_error = 'same';147 $pass_error->add( 'same_user_password', __( 'The new password must be different from the current password.', 'buddypress' ) ); 145 148 } 146 147 // Password change attempt was unsuccessful.148 } else {149 $pass_error = 'mismatch';150 149 } 151 150 152 151 // Both password fields were empty. … … function bp_settings_action_general() { 154 153 $pass_error = false; 155 154 156 155 // One of the password boxes was left empty. 157 } elseif ( ( empty( $_POST['pass1'] ) && ! empty( $_POST['pass2'] ) ) || ( !empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) ) {158 $pass_error = 'empty';156 } elseif ( ( empty( $_POST['pass1'] ) && ! empty( $_POST['pass2'] ) ) || ( ! 
empty( $_POST['pass1'] ) && empty( $_POST['pass2'] ) ) ) { 157 $pass_error = new WP_Error( 'empty_user_password', __( 'One of the password fields was empty.', 'buddypress' ) ); 159 158 } 160 159 161 160 // The structure of the $update_user object changed in WP 3.3, but … … function bp_settings_action_general() { 180 179 181 180 // Password Error. 182 181 } else { 183 $pass_error = 'invalid';182 $pass_error = new WP_Error( 'invalid_user_password', __( 'Your current password is invalid.', 'buddypress' ) ); 184 183 } 185 184 186 185 // Email feedback. … … function bp_settings_action_general() { 202 201 break; 203 202 } 204 203 205 // Password feedback. 206 switch ( $pass_error ) { 207 case 'invalid' : 208 $feedback['pass_error'] = __( 'Your current password is invalid.', 'buddypress' ); 209 break; 210 case 'mismatch' : 211 $feedback['pass_mismatch'] = __( 'The new password fields did not match.', 'buddypress' ); 212 break; 213 case 'empty' : 214 $feedback['pass_empty'] = __( 'One of the password fields was empty.', 'buddypress' ); 215 break; 216 case 'same' : 217 $feedback['pass_same'] = __( 'The new password must be different from the current password.', 'buddypress' ); 218 break; 219 case false : 220 // No change. 221 break; 204 if ( is_wp_error( $pass_error ) && $pass_error->get_error_message() ) { 205 $feedback[ $pass_error->get_error_code() ] = $pass_error->get_error_message(); 222 206 } 223 207 224 208 // No errors so show a simple success message. -
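Review bot: The value that is validated is not the value that is stored: the check runs on `$pass = wp_unslash( $_POST['pass1'] )`, but the assignment is still `$update_user->user_pass = $_POST['pass1'];`, the slashed request value. The removed condition rejected new passwords containing a backslash; such passwords are now accepted, and for them (as for passwords with quotes) the string seen by the validator and its filter callbacks differs from the string assigned to `user_pass`. Confirm which form the login path hashes, use that form for both the same-as-current comparison and the assignment, and record the decision next to the assignment, e.g. `// Kept slashed on purpose: must match the form hashed at login.` if the raw value is intended. The signup hunk in src/bp-members/screens/register.php also validates the unslashed value while the code that stores it is outside the visible lines, so it deserves the same check. bp_settings_action_general() starts and ends outside this section.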
tests/phpunit/testcases/members/functions.php
diff --git tests/phpunit/testcases/members/functions.php tests/phpunit/testcases/members/functions.php index c55b3343a..b19936744 100644
class BP_Tests_Members_Functions extends BP_UnitTestCase { 580 580 $this->assertSame( bp_get_signup_page(), wp_registration_url() ); 581 581 } 582 582 583 /** 584 * @group bp_members_validate_user_password 585 */ 586 public function test_bp_members_validate_user_password() { 587 $validate = bp_members_validate_user_password( 'foobar', 'foobar' ); 588 589 $this->assertEmpty( $validate->get_error_message() ); 590 } 591 592 /** 593 * @group bp_members_validate_user_password 594 */ 595 public function test_bp_members_validate_user_password_missing() { 596 $validate = bp_members_validate_user_password( '', '' ); 597 598 $this->assertEquals( 'missing_user_password', $validate->get_error_code() ); 599 600 $validate = bp_members_validate_user_password( 'foobar', '' ); 601 602 $this->assertEquals( 'missing_user_password', $validate->get_error_code() ); 603 604 $validate = bp_members_validate_user_password( '', 'foobar' ); 605 606 $this->assertEquals( 'missing_user_password', $validate->get_error_code() ); 607 } 608 609 /** 610 * @group bp_members_validate_user_password 611 */ 612 public function test_bp_members_validate_user_password_mismatching() { 613 $validate = bp_members_validate_user_password( 'foobar', 'barfoo' ); 614 615 $this->assertEquals( 'mismatching_user_password', $validate->get_error_code() ); 616 } 617 618 /** 619 * @group bp_members_validate_user_password 620 */ 621 public function test_bp_members_validate_user_password_too_short() { 622 add_filter( 'bp_members_validate_user_password', array( $this, 'filter_bp_members_validate_user_password' ), 10, 2 ); 623 624 $validate = bp_members_validate_user_password( 'one', 'one' ); 625 626 remove_filter( 'bp_members_validate_user_password', array( $this, 'filter_bp_members_validate_user_password' ), 10, 2 ); 627 628 $this->assertEquals( 'too_short_user_password', $validate->get_error_code() ); 629 } 630 631 function filter_bp_members_validate_user_password( $errors, $pass ) { 632 if ( 4 > strlen( $pass ) ) { 633 
$errors->add( 'too_short_user_password', __( 'Your password is too short.', 'buddypress' ) ); 634 } 635 636 return $errors; 637 } 638 583 639 /** 584 640 * @group bp_core_activate_signup 585 641 */
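Review bot: The new tests use only plain alphanumeric passwords and never pass the third `$userdata` argument, so the filter's fourth parameter and the validator's handling of quotes or backslashes go unexercised. Add one case with a password such as `'foo\\bar'` or `"foo'bar"` (constructed samples) for both the match and mismatch paths, and one that passes a user object and asserts the filter callback receives it. The callbacks are registered with `10, 2`, so a test for `$userdata` needs `10, 4`. Minor: `filter_bp_members_validate_user_password()` is declared without `public`, unlike the test methods around it.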