Make WordPress Core

Changeset 60650

Timestamp: 08/19/2025 11:29:12 PM
Author: peterwilsoncc
Message:

Users: Throw specific warning when wp_insert_user() called without user_pass.

Modifies wp_insert_user() to throw the warning "The user_pass field is required when creating a new user. The user will need to reset their password before logging in." when called without the user_pass argument defined.

This avoids a mix of warnings being thrown depending on the version of PHP the system is running on, anywhere between zero and three.

To retain backward compatibility the user is created with an empty password. As WordPress does not accept an empty password during authentication, this will require the newly created user complete the password reset process.

Props dd32, hbhalodia, iamadisingh, mindctrl, rollybueno, sheldorofazeroth, shilpaashokan94
Fixes #63770.

Location: trunk
Files: 2 edited

  • trunk/src/wp-includes/user.php

    r60644 r60650  
    22222222    } else {
    22232223        $update = false;
     2224
     2225        if ( empty( $userdata['user_pass'] ) ) {
     2226            wp_trigger_error(
     2227                __FUNCTION__,
     2228                __( 'The user_pass field is required when creating a new user. The user will need to reset their password before logging in.' ),
     2229                E_USER_WARNING
     2230            );
     2231
     2232            // Set the password as an empty string to force the password reset flow.
     2233            $userdata['user_pass'] = '';
     2234        }
     2235
    22242236        // Hash the password.
    22252237        $user_pass = wp_hash_password( $userdata['user_pass'] );
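
Review bot: the guard at new line 2225, if ( empty( $userdata['user_pass'] ) ), is broader than the "called without user_pass" case named in the commit message. empty() is also true for an explicit '' and for the string '0', so a caller passing '0' gets the warning and has the value overwritten with '' before wp_hash_password() runs. If only a missing or blank value is meant, test for that explicitly, for example ! isset( $userdata['user_pass'] ) || '' === $userdata['user_pass']; otherwise state in the inline comment that every value empty() rejects is treated as no password. The comment at line 2232 could also say that the empty string is still handed to wp_hash_password() at line 2237, so the reset requirement rests on authentication refusing empty passwords rather than on what is stored here.
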
  • trunk/tests/phpunit/tests/user/slashes.php

    r56547 r60650  
    155155                'display_name' => self::SLASH_7,
    156156                'description'  => self::SLASH_3,
    157                 'user_pass'    => '',
     157                'user_pass'    => 'password',
    158158            )
    159159        );
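
Review bot: no test for the new branch accompanies this change. Replacing 'user_pass' => '' with 'password' at line 157 keeps this slashes test quiet under the new warning, but neither of the two edited files exercises wp_insert_user() without user_pass. A case that omits the field and asserts both the E_USER_WARNING and that the user is still created would pin down the backward-compatible behaviour the commit message describes.
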
     
    176176                'display_name' => self::SLASH_2,
    177177                'description'  => self::SLASH_4,
    178                 'user_pass'    => '',
     178                'user_pass'    => 'password',
    179179            )
    180180        );
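
Review bot: the literal 'password' at line 178 duplicates the one at line 157. The neighbouring values already come from class constants (self::SLASH_2, self::SLASH_4), so a shared constant or fixture value for the test password would keep the two arrays in step and make clear that the value is arbitrary.
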