WordPress.org

Make WordPress Core

Ticket #24617: 24617.04.patch

File 24617.04.patch, 1.1 KB (added by websupporter, 4 years ago)

set $allow to false instead of a new WP_Error

  • src/wp-includes/user.php

     
    20362036         */
    20372037        do_action( 'retrieve_password', $user->user_login );
    20382038
     2039        $allow = true;
     2040        if ( is_multisite() && is_user_spammy( $user ) ) {
     2041                $allow = false;
     2042        }
     2043
    20392044        /**
    20402045         * Filter whether to allow a password to be reset.
    20412046         *
    20422047         * @since 2.7.0
    20432048         *
    2044          * @param bool $allow         Whether to allow the password to be reset. Default true.
    2045          * @param int  $user_data->ID The ID of the user attempting to reset a password.
     2049         * @param bool    $allow    Whether to allow the password to be reset. Default true.
     2050         * @param int     $user->ID The ID of the user attempting to reset a password.
     2051         * @param WP_User $user     The WP_User object of the user attempting to reset a password.
    20462052         */
    2047         $allow = apply_filters( 'allow_password_reset', true, $user->ID );
     2053        $allow = apply_filters( 'allow_password_reset', $allow, $user->ID, $user );
    20482054
    20492055        if ( ! $allow ) {
    20502056                return new WP_Error( 'no_password_reset', __( 'Password reset is not allowed for this user' ) );