From 588886c634f10fd8dd3b01b07441a2762ebe51a2 Mon Sep 17 00:00:00 2001
From: Peter Westwood <westi@git.wordpress.org>
Date: Thu, 20 Sep 2012 11:01:29 +0000
Subject: [PATCH] Passwords: Make it possible for plugins to enforce extra
 password strength / validity rules during the reset process.

Adds a filter in the password reset process so that a plugin can enforce particular password rules on users to compliment the existing filtering in the Profile modification process.
Fixes #21778.


git-svn-id: https://develop.svn.wordpress.org/trunk@21923 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-login.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/wp-login.php b/wp-login.php
index 3c43caec48..6a2a6b6895 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -459,11 +459,14 @@ case 'rp' :
 		exit;
 	}
 
-	$errors = '';
+	$errors = new WP_Error();
 
-	if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] ) {
-		$errors = new WP_Error('password_reset_mismatch', __('The passwords do not match.'));
-	} elseif ( isset($_POST['pass1']) && !empty($_POST['pass1']) ) {
+	if ( isset($_POST['pass1']) && $_POST['pass1'] != $_POST['pass2'] )
+		$errors->add( 'password_reset_mismatch', __( 'The passwords do not match.' ) );
+
+	do_action( 'validate_password_reset', $errors, $user );
+
+	if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
 		reset_password($user, $_POST['pass1']);
 		login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
 		login_footer();