Invalidate password keys when a user's email changes.
git-svn-id: https://develop.svn.wordpress.org/trunk@30430 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
7e830d4a4a
commit
d2b4df2d4f
|
@ -1885,6 +1885,9 @@ function wp_insert_user( $userdata ) {
|
|||
$data = wp_unslash( $compacted );
|
||||
|
||||
if ( $update ) {
|
||||
if ( $user_email !== $old_user_data->user_email ) {
|
||||
$data['user_activation_key'] = '';
|
||||
}
|
||||
$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
|
||||
$user_id = (int) $ID;
|
||||
} else {
|
||||
|
|
|
@ -672,4 +672,36 @@ class Tests_User extends WP_UnitTestCase {
|
|||
|
||||
$this->assertSame( $user->user_nicename, $updated_user->user_nicename );
|
||||
}
|
||||
|
||||
function test_changing_email_invalidates_password_reset_key() {
|
||||
global $wpdb;
|
||||
|
||||
$user = $this->factory->user->create_and_get();
|
||||
$wpdb->update( $wpdb->users, array( 'user_activation_key' => 'key' ), array( 'ID' => $user->ID ) );
|
||||
clean_user_cache( $user );
|
||||
|
||||
$user = get_userdata( $user->ID );
|
||||
$this->assertEquals( 'key', $user->user_activation_key );
|
||||
|
||||
// Check that changing something other than the email doesn't remove the key.
|
||||
$userdata = array(
|
||||
'ID' => $user->ID,
|
||||
'user_nicename' => 'wat',
|
||||
);
|
||||
wp_update_user( $userdata );
|
||||
|
||||
$user = get_userdata( $user->ID );
|
||||
$this->assertEquals( 'key', $user->user_activation_key );
|
||||
|
||||
// Now check that changing the email does remove it.
|
||||
$userdata = array(
|
||||
'ID' => $user->ID,
|
||||
'user_nicename' => 'cat',
|
||||
'user_email' => 'foo@bar.dev',
|
||||
);
|
||||
wp_update_user( $userdata );
|
||||
|
||||
$user = get_userdata( $user->ID );
|
||||
$this->assertEmpty( $user->user_activation_key );
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue