- Patch #991340 by alexpott: user_validate_current_pass() uses global and not the user object from the form.

2 files changed, 46 insertions, 3 deletions

diff --git a/modules/user/user.module b/modules/user/user.module
index 4a636dad1..7682f2522 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1149,8 +1149,6 @@ function user_account_form(&$form, &$form_state) {
  * @see user_account_form()
  */
 function user_validate_current_pass(&$form, &$form_state) {
-  global $user;
-
   $account = $form['#user'];
   foreach ($form_state['values']['current_pass_required_values'] as $key => $name) {
     // This validation only works for required textfields (like mail) or
@@ -1158,7 +1156,7 @@ function user_validate_current_pass(&$form, &$form_state) {
     // that prevent them from being empty if they are changed.
     if ((strlen(trim($form_state['values'][$key])) > 0) && ($form_state['values'][$key] != $account->$key)) {
       require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
-      $current_pass_failed = empty($form_state['values']['current_pass']) || !user_check_password($form_state['values']['current_pass'], $user);
+      $current_pass_failed = empty($form_state['values']['current_pass']) || !user_check_password($form_state['values']['current_pass'], $account);
       if ($current_pass_failed) {
         form_set_error('current_pass', t("Your current password is missing or incorrect; it's required to change the %name.", array('%name' => $name)));
         form_set_error($key);
diff --git a/modules/user/user.test b/modules/user/user.test
index e66ab5e2c..a49a89b5c 100644
--- a/modules/user/user.test
+++ b/modules/user/user.test
@@ -2069,3 +2069,48 @@ class UserAuthmapAssignmentTestCase extends DrupalWebTestCase {
     }
   }
 }
+
+/**
+ * Tests user_validate_current_pass on a custom form.
+ */
+class UserValidateCurrentPassCustomForm extends DrupalWebTestCase {
+
+  public static function getInfo() {
+    return array(
+      'name' => 'User validate current pass custom form',
+      'description' => 'Test that user_validate_current_pass is usable on a custom form.',
+      'group' => 'User',
+    );
+  }
+
+  /**
+   * User with permission to view content.
+   */
+  protected $accessUser;
+
+  /**
+   * User permission to administer users.
+   */
+  protected $adminUser;
+
+  function setUp() {
+    parent::setUp('user_form_test');
+    // Create two users
+    $this->accessUser = $this->drupalCreateUser(array('access content'));
+    $this->adminUser = $this->drupalCreateUser(array('administer users'));
+  }
+
+  /**
+   * Tests that user_validate_current_pass can be reused on a custom form.
+   */
+  function testUserValidateCurrentPassCustomForm() {
+    $this->drupalLogin($this->adminUser);
+
+    // Submit the custom form with the admin user using the access user's password.
+    $edit = array();
+    $edit['user_form_test_field'] = $this->accessUser->name;
+    $edit['current_pass'] = $this->accessUser->pass_raw;
+    $this->drupalPost('user_form_test_current_password/' . $this->accessUser->uid, $edit, t('Test'));
+    $this->assertText(t('The password has been validated and the form submitted successfully.'));
+  }
+}