Bug fix for password validation

Chris Boden
Showing 1 changed file with 4 additions and 7 deletions
com/Auth/Auth.php
--- a/com/Auth/Auth.php
View file @bb4975b
+++ b/com/Auth/Auth.php
View file @bb4975b
@@ -168,7 +168,7 @@ function register($username, $email, $password, $meta = Array()) {
 * @global $wpdb
 * @see wpmu_activate_signup
 */
-function activate($key, $validate_against_password = false, $pass = '') {
+function activate($key, $password_validation = null) {
    global $wpdb, $current_blog;
    $signup = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->signups} WHERE activation_key = %s", $key));

@@ -185,14 +185,12 @@ function activate($key, $validate_against_password = false, $pass = '') {
    // Do I need to re-sanatize this?
    $meta = unserialize($signup->meta);

-    
-    if ($validate_against_password) {
-        if ($meta['password'] != $pass) {
+    if (!is_null($password_validation)) {
+        if ($meta['password'] != $password_validation) {
            throw new Exception('Bad password match');
        }
    }

-    
    $id = _create_user($signup->user_login, $meta['password'], $signup->user_email);
    unset($meta['password']);

@@ -208,12 +206,11 @@ function activate($key, $validate_against_password = false, $pass = '') {
    //add_new_user_to_blog( $id, $user_email, $meta );
    //do_action(ACTION_ACTIVATE, $id, $password, $meta);

-    // KB001: If more than the password was sent in meta, have it generate user_meta for each key=>val pair
+    // If more than the password was sent in meta, have it generate user_meta for each key=>val pair
    foreach($meta as $key=>$val) {
        update_user_meta($id, $key, $val);
    }

-
    return (int)$id;
 }