Ticket #8589: 8589.patch
| File 8589.patch, 13.7 KB (added by , 4 years ago) |
|---|
-
src/bp-members/bp-members-functions.php
diff --git src/bp-members/bp-members-functions.php src/bp-members/bp-members-functions.php index 93fd7cafd..f6ae3421a 100644
function bp_get_members_invitation_from_request() { 3694 3694 */ 3695 3695 return apply_filters( 'bp_get_members_invitation_from_request', $invite ); 3696 3696 } 3697 3698 /** 3699 * Returns the strength score a password needs to have to be used by a member. 3700 * 3701 * Score => Allowed Strength. 3702 * 0 => any passwords. 3703 * 1 => at least short passwords. 3704 * 2 => at least weak passwords. 3705 * 3 => at least good passwords. 3706 * 4 => at least strong passwords. 3707 * 3708 * @since 10.0.0 3709 * 3710 * @return int the strength score a password needs to have to be used by a member. 3711 */ 3712 function bp_members_user_pass_required_strength() { 3713 $default_strength = 0; 3714 if ( defined( 'BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH' ) && BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH ) { 3715 $default_strength = (int) BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH; 3716 } 3717 3718 /** 3719 * Filter here to raise the strength score user passwords need to reach to be allowed. 3720 * 3721 * @since 10.0.0 3722 * 3723 * @param int $default_strength The strength score user passwords need to reach to be allowed. 3724 */ 3725 return (int) apply_filters( 'bp_members_user_pass_required_strength', $default_strength ); 3726 } 3727 3728 /** 3729 * Returns the description for the password required strength score. 3730 * 3731 * @since 10.0.0 3732 * 3733 * @param int the strength score to get the required description for. 3734 * @return string|array The score description of the list of descriptions. 3735 */ 3736 function bp_members_user_pass_required_strength_description( $score = 0 ) { 3737 $score_descriptions = array( 3738 '1' => __( 'Your password must be short/very weak at least to be allowed on this site.', 'buddypress' ), 3739 '2' => __( 'Your password must be weak at least to be allowed on this site.', 'buddypress' ), 3740 '3' => __( 'Your password must be good/medium at least to be allowed on this site.', 'buddypress' ), 3741 '4' => __( 'Your password must be strong to be allowed on this site.', 'buddypress' ), 3742 ); 3743 3744 if ( $score && isset( $score_descriptions[ $score ] ) ) { 3745 return $score_descriptions[ $score ]; 3746 } 3747 3748 return $score_descriptions; 3749 } -
src/bp-members/screens/register.php
diff --git src/bp-members/screens/register.php src/bp-members/screens/register.php index 77929c442..eca25583b 100644
15 15 function bp_core_screen_signup() { 16 16 $bp = buddypress(); 17 17 18 if ( ! bp_is_current_component( 'register' ) || bp_current_action() ) 18 if ( ! bp_is_current_component( 'register' ) || bp_current_action() ) { 19 19 return; 20 } 20 21 21 22 // Not a directory. 22 23 bp_update_is_directory( false, 'register' ); … … function bp_core_screen_signup() { 85 86 $bp->signup->errors['signup_email'] = $account_details['errors']->errors['user_email'][0]; 86 87 } 87 88 88 $signup_pass = ''; 89 if ( isset( $_POST['signup_password'] ) ) { 90 $signup_pass = wp_unslash( $_POST['signup_password'] ); 89 // Password strength check. 90 $required_password_strength = bp_members_user_pass_required_strength(); 91 $current_password_strength = null; 92 if ( isset( $_POST['_password_strength_score'] ) ) { 93 $current_password_strength = (int) $_POST['_password_strength_score']; 91 94 } 92 95 93 $signup_pass_confirm = ''; 94 if ( isset( $_POST['signup_password_confirm'] ) ) { 95 $signup_pass_confirm = wp_unslash( $_POST['signup_password_confirm'] ); 96 if ( $required_password_strength && ! is_null( $current_password_strength ) && $required_password_strength > $current_password_strength ) { 97 $account_password = new WP_Error( 98 'not_strong_enough_password', 99 __( 'Your password is not strong enougth to be allowed on this site. Please use a stronger password.', 'buddypress' ) 100 ); 101 } else { 102 $signup_pass = ''; 103 if ( isset( $_POST['signup_password'] ) ) { 104 $signup_pass = wp_unslash( $_POST['signup_password'] ); 105 } 106 107 $signup_pass_confirm = ''; 108 if ( isset( $_POST['signup_password_confirm'] ) ) { 109 $signup_pass_confirm = wp_unslash( $_POST['signup_password_confirm'] ); 110 } 111 112 // Check the account password for problems. 113 $account_password = bp_members_validate_user_password( $signup_pass, $signup_pass_confirm ); 96 114 } 97 115 98 // Check the account password for problems. 99 $account_password = bp_members_validate_user_password( $signup_pass, $signup_pass_confirm ); 100 $password_error = $account_password->get_error_message(); 116 $password_error = $account_password->get_error_message(); 101 117 102 118 if ( $password_error ) { 103 119 $bp->signup->errors['signup_password'] = $password_error; -
src/bp-settings/actions/general.php
diff --git src/bp-settings/actions/general.php src/bp-settings/actions/general.php index 43e2be5d7..5de59e80c 100644
function bp_settings_action_general() { 73 73 74 74 // User is changing email address. 75 75 if ( $old_user_email !== $user_email ) { 76 77 76 // Run some tests on the email address. 78 77 $email_checks = bp_core_validate_email_address( $user_email ); 79 78 … … function bp_settings_action_general() { 134 133 if ( ! empty( $_POST['pass1'] ) && ! empty( $_POST['pass2'] ) ) { 135 134 $pass = wp_unslash( $_POST['pass1'] ); 136 135 $pass_confirm = wp_unslash( $_POST['pass2'] ); 137 $pass_error = bp_members_validate_user_password( $pass, $pass_confirm, $update_user ); 138 139 if ( ! $pass_error->get_error_message() ) { 140 // Password change attempt is successful. 141 if ( ( ! empty( $_POST['pwd'] ) && wp_unslash( $_POST['pwd'] ) !== $pass ) || is_super_admin() ) { 142 $update_user['user_pass'] = $_POST['pass1']; 143 $pass_error = false; 144 $pass_changed = true; 145 146 // The new password is the same as the current password. 147 } else { 148 $pass_error->add( 'same_user_password', __( 'The new password must be different from the current password.', 'buddypress' ) ); 136 137 // Password strength check. 138 $required_password_strength = bp_members_user_pass_required_strength(); 139 $current_password_strength = null; 140 if ( isset( $_POST['_password_strength_score'] ) ) { 141 $current_password_strength = (int) $_POST['_password_strength_score']; 142 } 143 144 if ( $required_password_strength && ! is_null( $current_password_strength ) && $required_password_strength > $current_password_strength ) { 145 $pass_error = new WP_Error( 146 'not_strong_enough_password', 147 __( 'Your password is not strong enougth to be allowed on this site. Please use a stronger password.', 'buddypress' ) 148 ); 149 } else { 150 $pass_error = bp_members_validate_user_password( $pass, $pass_confirm, $update_user ); 151 152 if ( ! $pass_error->get_error_message() ) { 153 // Password change attempt is successful. 154 if ( ( ! empty( $_POST['pwd'] ) && wp_unslash( $_POST['pwd'] ) !== $pass ) || is_super_admin() ) { 155 $update_user['user_pass'] = $_POST['pass1']; 156 $pass_error = false; 157 $pass_changed = true; 158 159 // The new password is the same as the current password. 160 } else { 161 $pass_error->add( 'same_user_password', __( 'The new password must be different from the current password.', 'buddypress' ) ); 162 } 149 163 } 150 164 } 151 165 -
src/bp-templates/bp-legacy/buddypress-functions.php
diff --git src/bp-templates/bp-legacy/buddypress-functions.php src/bp-templates/bp-legacy/buddypress-functions.php index b9855f13a..df764d938 100644
class BP_Legacy extends BP_Theme_Compat { 337 337 ) ); 338 338 339 339 // Enqueue script. 340 wp_enqueue_script( $asset['handle'] . '-password-verify', $asset['location'], $dependencies, $this->version); 340 wp_enqueue_script( $asset['handle'] . '-password-verify', $asset['location'], $dependencies, $this->version ); 341 wp_localize_script( 342 $asset['handle'] . '-password-verify', 343 'bpPasswordVerify', 344 bp_members_user_pass_required_strength_description() + array( 345 'requiredPassStrength' => bp_members_user_pass_required_strength(), 346 ) 347 ); 341 348 } 342 349 343 350 // Star private messages. -
src/bp-templates/bp-legacy/js/password-verify.js
diff --git src/bp-templates/bp-legacy/js/password-verify.js src/bp-templates/bp-legacy/js/password-verify.js index 58d73c7bd..48df522fa 100644
6 6 function check_pass_strength() { 7 7 var pass1 = $( '.password-entry' ).val(), 8 8 pass2 = $( '.password-entry-confirm' ).val(), 9 strength; 9 currentForm = $( '.password-entry' ).closest( 'form' ), 10 strength, requiredStrength; 11 12 if ( 'undefined' !== typeof window.bpPasswordVerify && window.bpPasswordVerify.requiredPassStrength ) { 13 requiredStrength = parseInt( window.bpPasswordVerify.requiredPassStrength, 10 ); 14 } 10 15 11 16 // Reset classes and result text 12 17 $( '#pass-strength-result' ).removeClass( 'short bad good strong' ); … … 39 44 $( '#pass-strength-result' ).addClass( 'short' ).html( pwsL10n['short'] ); 40 45 break; 41 46 } 47 48 if ( requiredStrength && 4 >= requiredStrength ) { 49 if ( ! $( currentForm ).find( '#password-information' ).length ) { 50 $( '.password-entry' ).before( 51 $( '<p></p>' ).prop( 'id', 'password-information' ) 52 .addClass( 'description' ) 53 .html( bpPasswordVerify[ requiredStrength ] ) 54 ); 55 } 56 57 if ( ! $( currentForm ).find( '#password-strength-score' ).length ) { 58 $( currentForm ).prepend( 59 $('<input></input>').prop( { 60 id: 'password-strength-score', 61 type: 'hidden', 62 'name': '_password_strength_score' 63 } ) 64 ); 65 } 66 67 $( '#password-strength-score' ).val( strength ); 68 } 42 69 } 43 70 44 71 // Bind check_pass_strength to keyup events in the password fields -
src/bp-templates/bp-nouveau/buddypress-functions.php
diff --git src/bp-templates/bp-nouveau/buddypress-functions.php src/bp-templates/bp-nouveau/buddypress-functions.php index bff080da0..cc8dedee5 100644
class BP_Nouveau extends BP_Theme_Compat { 532 532 $params['customizer_settings'] = bp_nouveau_get_temporary_setting( 'any' ); 533 533 } 534 534 535 $required_password_strength = bp_members_user_pass_required_strength(); 536 if ( $required_password_strength ) { 537 $params['bpPasswordVerify'] = bp_members_user_pass_required_strength_description() + array( 538 'requiredPassStrength' => bp_members_user_pass_required_strength(), 539 ); 540 } 541 535 542 /** 536 543 * Filters core JavaScript strings for internationalization before AJAX usage. 537 544 * -
src/bp-templates/bp-nouveau/includes/template-tags.php
diff --git src/bp-templates/bp-nouveau/includes/template-tags.php src/bp-templates/bp-nouveau/includes/template-tags.php index 7b804a082..2004d2229 100644
function bp_nouveau_signup_form( $section = 'account_details' ) { 2370 2370 if ( 'signup_password' === $name ) { 2371 2371 ?> 2372 2372 <label for="pass1"><?php esc_html_e( 'Choose a Password (required)', 'buddypress' ); ?></label> 2373 <?php if ( isset( buddypress()->signup->errors['signup_password'] ) ) : 2374 nouveau_error_template( buddypress()->signup->errors['signup_password'] ); 2375 endif; ?> 2376 2373 2377 <div class="user-pass1-wrap"> 2374 2378 <div class="wp-pwd"> 2375 2379 <div class="password-input-wrapper"> -
src/bp-templates/bp-nouveau/js/buddypress-nouveau.js
diff --git src/bp-templates/bp-nouveau/js/buddypress-nouveau.js src/bp-templates/bp-nouveau/js/buddypress-nouveau.js index 8d12b914b..695891669 100644
2 2 /* jshint devel: true */ 3 3 /* jshint browser: true */ 4 4 /* @since 3.0.0 */ 5 /* @version 8.0.0 */5 /* @version 10.0.0 */ 6 6 window.wp = window.wp || {}; 7 7 window.bp = window.bp || {}; 8 8 … … window.bp = window.bp || {}; 468 468 469 469 // Pagination. 470 470 $( '#buddypress [data-bp-list]' ).on( 'click', '[data-bp-pagination] a', this, this.paginateAction ); 471 472 // Password updates. 473 if ( BP_Nouveau.bpPasswordVerify && BP_Nouveau.bpPasswordVerify.requiredPassStrength ) { 474 $( '#pass1' ).on( 'input pwupdate', this.checkPassStrength ); 475 } 471 476 }, 472 477 473 478 /** Event Callbacks ***********************************************************/ … … window.bp = window.bp || {}; 823 828 824 829 // Request the page. 825 830 self.objectRequest( queryData ); 831 }, 832 833 checkPassStrength: function( event ) { 834 var bpPasswordVerify = BP_Nouveau.bpPasswordVerify, strength, 835 requiredStrength = parseInt( bpPasswordVerify.requiredPassStrength, 10 ), 836 pass1 = $( event.currentTarget ).val(), pass2 = $( '#pass2' ).val(), 837 currentForm = $( event.currentTarget ).closest( 'form' ); 838 839 840 // wp.passwordStrength.userInputBlacklist() has been deprecated in WP 5.5.0. 841 if ( 'function' === typeof wp.passwordStrength.userInputDisallowedList ) { 842 strength = wp.passwordStrength.meter( pass1, wp.passwordStrength.userInputDisallowedList(), pass2 ); 843 } else { 844 strength = wp.passwordStrength.meter( pass1, wp.passwordStrength.userInputBlacklist(), pass2 ); 845 } 846 847 if ( requiredStrength && 4 >= requiredStrength ) { 848 if ( ! $( currentForm ).find( '#password-information' ).length ) { 849 $( event.currentTarget ).before( 850 $( '<p></p>' ).prop( 'id', 'password-information' ) 851 .addClass( 'description' ) 852 .html( bpPasswordVerify[ requiredStrength ] ) 853 ); 854 } 855 856 if ( ! $( currentForm ).find( '#password-strength-score' ).length ) { 857 $( currentForm ).prepend( 858 $('<input></input>').prop( { 859 id: 'password-strength-score', 860 type: 'hidden', 861 'name': '_password_strength_score' 862 } ) 863 ); 864 } 865 866 $( '#password-strength-score' ).val( strength ); 867 868 if ( requiredStrength > strength ) { 869 $( '.pw-weak' ).remove(); 870 } 871 } 826 872 } 827 873 }; 828 874