Invalidate password keys when a user's email changes.
git-svn-id: https://develop.svn.wordpress.org/trunk@30430 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
7e830d4a4a
commit
d2b4df2d4f
|
@ -1885,6 +1885,9 @@ function wp_insert_user( $userdata ) {
|
||||||
$data = wp_unslash( $compacted );
|
$data = wp_unslash( $compacted );
|
||||||
|
|
||||||
if ( $update ) {
|
if ( $update ) {
|
||||||
|
if ( $user_email !== $old_user_data->user_email ) {
|
||||||
|
$data['user_activation_key'] = '';
|
||||||
|
}
|
||||||
$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
|
$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
|
||||||
$user_id = (int) $ID;
|
$user_id = (int) $ID;
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -672,4 +672,36 @@ class Tests_User extends WP_UnitTestCase {
|
||||||
|
|
||||||
$this->assertSame( $user->user_nicename, $updated_user->user_nicename );
|
$this->assertSame( $user->user_nicename, $updated_user->user_nicename );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function test_changing_email_invalidates_password_reset_key() {
|
||||||
|
global $wpdb;
|
||||||
|
|
||||||
|
$user = $this->factory->user->create_and_get();
|
||||||
|
$wpdb->update( $wpdb->users, array( 'user_activation_key' => 'key' ), array( 'ID' => $user->ID ) );
|
||||||
|
clean_user_cache( $user );
|
||||||
|
|
||||||
|
$user = get_userdata( $user->ID );
|
||||||
|
$this->assertEquals( 'key', $user->user_activation_key );
|
||||||
|
|
||||||
|
// Check that changing something other than the email doesn't remove the key.
|
||||||
|
$userdata = array(
|
||||||
|
'ID' => $user->ID,
|
||||||
|
'user_nicename' => 'wat',
|
||||||
|
);
|
||||||
|
wp_update_user( $userdata );
|
||||||
|
|
||||||
|
$user = get_userdata( $user->ID );
|
||||||
|
$this->assertEquals( 'key', $user->user_activation_key );
|
||||||
|
|
||||||
|
// Now check that changing the email does remove it.
|
||||||
|
$userdata = array(
|
||||||
|
'ID' => $user->ID,
|
||||||
|
'user_nicename' => 'cat',
|
||||||
|
'user_email' => 'foo@bar.dev',
|
||||||
|
);
|
||||||
|
wp_update_user( $userdata );
|
||||||
|
|
||||||
|
$user = get_userdata( $user->ID );
|
||||||
|
$this->assertEmpty( $user->user_activation_key );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue