Bug fix for password validation
Showing
1 changed file
with
6 additions
and
9 deletions
| ... | @@ -168,7 +168,7 @@ function register($username, $email, $password, $meta = Array()) { | ... | @@ -168,7 +168,7 @@ function register($username, $email, $password, $meta = Array()) { |
| 168 | * @global $wpdb | 168 | * @global $wpdb |
| 169 | * @see wpmu_activate_signup | 169 | * @see wpmu_activate_signup |
| 170 | */ | 170 | */ |
| 171 | function activate($key, $validate_against_password = false, $pass = '') { | 171 | function activate($key, $password_validation = null) { |
| 172 | global $wpdb, $current_blog; | 172 | global $wpdb, $current_blog; |
| 173 | $signup = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->signups} WHERE activation_key = %s", $key)); | 173 | $signup = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->signups} WHERE activation_key = %s", $key)); |
| 174 | 174 | ||
| ... | @@ -184,15 +184,13 @@ function activate($key, $validate_against_password = false, $pass = '') { | ... | @@ -184,15 +184,13 @@ function activate($key, $validate_against_password = false, $pass = '') { |
| 184 | 184 | ||
| 185 | // Do I need to re-sanatize this? | 185 | // Do I need to re-sanatize this? |
| 186 | $meta = unserialize($signup->meta); | 186 | $meta = unserialize($signup->meta); |
| 187 | 187 | ||
| 188 | 188 | if (!is_null($password_validation)) { | |
| 189 | if ($validate_against_password) { | 189 | if ($meta['password'] != $password_validation) { |
| 190 | if ($meta['password'] != $pass) { | ||
| 191 | throw new Exception('Bad password match'); | 190 | throw new Exception('Bad password match'); |
| 192 | } | 191 | } |
| 193 | } | 192 | } |
| 194 | 193 | ||
| 195 | |||
| 196 | $id = _create_user($signup->user_login, $meta['password'], $signup->user_email); | 194 | $id = _create_user($signup->user_login, $meta['password'], $signup->user_email); |
| 197 | unset($meta['password']); | 195 | unset($meta['password']); |
| 198 | 196 | ||
| ... | @@ -208,12 +206,11 @@ function activate($key, $validate_against_password = false, $pass = '') { | ... | @@ -208,12 +206,11 @@ function activate($key, $validate_against_password = false, $pass = '') { |
| 208 | //add_new_user_to_blog( $id, $user_email, $meta ); | 206 | //add_new_user_to_blog( $id, $user_email, $meta ); |
| 209 | //do_action(ACTION_ACTIVATE, $id, $password, $meta); | 207 | //do_action(ACTION_ACTIVATE, $id, $password, $meta); |
| 210 | 208 | ||
| 211 | // KB001: If more than the password was sent in meta, have it generate user_meta for each key=>val pair | 209 | // If more than the password was sent in meta, have it generate user_meta for each key=>val pair |
| 212 | foreach($meta as $key=>$val) { | 210 | foreach($meta as $key=>$val) { |
| 213 | update_user_meta($id, $key, $val); | 211 | update_user_meta($id, $key, $val); |
| 214 | } | 212 | } |
| 215 | 213 | ||
| 216 | |||
| 217 | return (int)$id; | 214 | return (int)$id; |
| 218 | } | 215 | } |
| 219 | 216 | ... | ... |
-
Please register or sign in to post a comment