diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php index cb9695cf7b..f2529dccc2 100644 --- a/src/wp-includes/user.php +++ b/src/wp-includes/user.php @@ -2140,17 +2140,159 @@ function wp_update_user($userdata) { // Escape data pulled from DB. $user = add_magic_quotes( $user ); - // If password is changing, hash it now. if ( ! empty($userdata['user_pass']) ) { + // If password is changing, hash it now $plaintext_pass = $userdata['user_pass']; - $userdata['user_pass'] = wp_hash_password($userdata['user_pass']); + $userdata['user_pass'] = wp_hash_password( $userdata['user_pass'] ); + /** + * Filter to stop the sending of the password change email. + * + * @since 4.3 + * @see wp_insert_user() For $user and $userdata fields. + * + * @param bool Return false to not send the email. + * @param array $user The original user array. + * @param array $userdata The updated user array. + * + */ + $send_pass_change_email = apply_filters( 'send_pass_change_email', true, $user, $userdata ); } - wp_cache_delete($user[ 'user_email' ], 'useremail'); + if ( $user['user_email'] !== $userdata['user_email'] ) { + /** + * Filter to stop the sending of the email change email. + * + * @since 4.3 + * @see wp_insert_user() For $user and $userdata fields. + * + * @param bool Return false to not send the email. + * @param array $user The original user array. + * @param array $userdata The updated user array. + * + */ + $send_email_change_email = apply_filters( 'send_email_change_email', true, $user, $userdata ); + } + + wp_cache_delete( $user['user_email'], 'useremail' ); // Merge old and new fields with new fields overwriting old ones. - $userdata = array_merge($user, $userdata); - $user_id = wp_insert_user($userdata); + $userdata = array_merge( $user, $userdata ); + $user_id = wp_insert_user( $userdata ); + + if ( ! is_wp_error( $user_id ) ) { + + $blog_name = wp_specialchars_decode( get_option( 'blogname' ) ); + + if ( ! empty( $send_pass_change_email ) ) { + + /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */ + $pass_change_text = __( 'Hi ###USERNAME###, + +This notice confirms that your password was changed on ###SITENAME###. + +If you did not change your password, please contact the Site Administrator at +###ADMIN_EMAIL### + +This email has been sent to ###EMAIL### + +Regards, +All at ###SITENAME### +###SITEURL###' ); + + $pass_change_email = array( + 'to' => $user['user_email'], + 'subject' => __( '[%s] Notice of Password Change' ), + 'message' => $pass_change_text, + 'headers' => '', + ); + + /** + * Filter the email sent when the user's password is changed. + * + * @since 4.3 + * + * @param array $pass_change_email { + * Used to build wp_mail(). https://developer.wordpress.org/reference/functions/wp_mail/ + * @type string $to The intended recipients. Add emails in a comma separated string. + * @type string $subject The subject of the email. + * @type string $message The content of the email. + * The following strings have a special meaning and will get replaced dynamically: + * ###USERNAME### The current user's username. + * ###ADMIN_EMAIL### The admin email in case this was unexpected. + * ###EMAIL### The old email. + * ###SITENAME### The name of the site. + * ###SITEURL### The URL to the site. + * @type string $headers Headers. Add headers in a newline (\r\n) separated string. + * } + * @param array $user The original user array. + * @param array $userdata The updated user array. + * + */ + $pass_change_email = apply_filters( 'password_change_email', $pass_change_email, $user, $userdata ); + + $pass_change_email['message'] = str_replace( '###USERNAME###', $user['user_login'], $pass_change_email['message'] ); + $pass_change_email['message'] = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $pass_change_email['message'] ); + $pass_change_email['message'] = str_replace( '###EMAIL###', $user['user_email'], $pass_change_email['message'] ); + $pass_change_email['message'] = str_replace( '###SITENAME###', get_option( 'blogname' ), $pass_change_email['message'] ); + $pass_change_email['message'] = str_replace( '###SITEURL###', get_option( 'siteurl' ), $pass_change_email['message'] ); + + wp_mail( $pass_change_email['to'], sprintf( $pass_change_email['subject'], $blog_name ), $pass_change_email['message'], $pass_change_email['headers'] ); + } + + if ( ! empty( $send_email_change_email ) ) { + /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */ + $email_change_text = __( 'Hi ###USERNAME###, + +This notice confirms that your email was changed on ###SITENAME###. + +If you did not change your email, please contact the Site Administrator at +###ADMIN_EMAIL### + +This email has been sent to ###EMAIL### + +Regards, +All at ###SITENAME### +###SITEURL###' ); + + $email_change_email = array( + 'to' => $user['user_email'], + 'subject' => __( '[%s] Notice of Email Change' ), + 'message' => $email_change_text, + 'headers' => '', + ); + + /** + * Filter the email sent when the user's password is changed. + * + * @since 4.3 + * + * @param array $email_change_email { + * Used to build wp_mail(). https://developer.wordpress.org/reference/functions/wp_mail/ + * @type string $to The intended recipients. + * @type string $subject The subject of the email. + * @type string $message The content of the email. + * The following strings have a special meaning and will get replaced dynamically: + * ###USERNAME### The current user's username. + * ###ADMIN_EMAIL### The admin email in case this was unexpected. + * ###EMAIL### The old email. + * ###SITENAME### The name of the site. + * ###SITEURL### The URL to the site. + * @type string $headers Headers. + * } + * @param array $user The original user array. + * @param array $userdata The updated user array. + */ + $email_change_email = apply_filters( 'email_change_email', $email_change_email, $user, $userdata ); + + $email_change_email['message'] = str_replace( '###USERNAME###', $user['user_login'], $email_change_email['message'] ); + $email_change_email['message'] = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $email_change_email['message'] ); + $email_change_email['message'] = str_replace( '###EMAIL###', $user['user_email'], $email_change_email['message'] ); + $email_change_email['message'] = str_replace( '###SITENAME###', get_option( 'blogname' ), $email_change_email['message'] ); + $email_change_email['message'] = str_replace( '###SITEURL###', get_option( 'siteurl' ), $email_change_email['message'] ); + + wp_mail( $email_change_email['to'], sprintf( $email_change_email['subject'], $blog_name ), $email_change_email['message'], $email_change_email['headers'] ); + } + } // Update the cookies if the password changed. $current_user = wp_get_current_user();