WordPress.org

Make WordPress Core

Ticket #31039: 31039.4.patch

File 31039.4.patch, 10.0 KB (added by jfarthing84, 2 years ago)
  • wp-includes/default-filters.php

     
    417417// Email notifications.
    418418add_action( 'comment_post', 'wp_new_comment_notify_moderator' );
    419419add_action( 'comment_post', 'wp_new_comment_notify_postauthor' );
     420add_action( 'retrieved_password_key', 'wp_retrieve_password_notification', 10, 2 );
    420421add_action( 'after_password_reset', 'wp_password_change_notification' );
    421422add_action( 'register_new_user', 'wp_send_new_user_notifications' );
    422423add_action( 'edit_user_created_user', 'wp_send_new_user_notifications', 10, 2 );
  • wp-includes/user.php

     
    13701370
    13711371/**
    13721372 * Determines whether the given username exists.
    1373  * 
     1373 *
    13741374 * For more information on this and similar theme functions, check out
    1375  * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ 
     1375 * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
    13761376 * Conditional Tags} article in the Theme Developer Handbook.
    13771377 *
    13781378 * @since 2.0.0
     
    14001400
    14011401/**
    14021402 * Determines whether the given email exists.
    1403  * 
     1403 *
    14041404 * For more information on this and similar theme functions, check out
    1405  * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ 
     1405 * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
    14061406 * Conditional Tags} article in the Theme Developer Handbook.
    14071407 *
    14081408 * @since 2.1.0
     
    21822182}
    21832183
    21842184/**
     2185 * Handles sending password retrieval email to user.
     2186 *
     2187 * @since unknown
     2188 *
     2189 * @return bool|WP_Error True: when finish. WP_Error on error
     2190 */
     2191function retrieve_password() {
     2192        $errors = new WP_Error();
     2193
     2194        if ( empty( $_POST['user_login'] ) || ! is_string( $_POST['user_login'] ) ) {
     2195                $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Enter a username or email address.' ) );
     2196        } elseif ( strpos( $_POST['user_login'], '@' ) ) {
     2197                $user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) );
     2198                if ( empty( $user_data ) ) {
     2199                        $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: There is no user registered with that email address.' ) );
     2200                }
     2201        } else {
     2202                $login     = trim( $_POST['user_login'] );
     2203                $user_data = get_user_by( 'login', $login );
     2204        }
     2205
     2206        /**
     2207         * Fires before errors are returned from a password reset request.
     2208         *
     2209         * @since 2.1.0
     2210         * @since 4.4.0 Added the `$errors` parameter.
     2211         *
     2212         * @param WP_Error $errors A WP_Error object containing any errors generated
     2213         *                         by using invalid credentials.
     2214         */
     2215        do_action( 'lostpassword_post', $errors );
     2216
     2217        if ( $errors->has_errors() ) {
     2218                return $errors;
     2219        }
     2220
     2221        if ( ! $user_data ) {
     2222                $errors->add( 'invalidcombo', __( '<strong>ERROR</strong>: Invalid username or email.' ) );
     2223                return $errors;
     2224        }
     2225
     2226        $key = get_password_reset_key( $user_data );
     2227        if ( is_wp_error( $key ) ) {
     2228                return $key;
     2229        }
     2230
     2231        /**
     2232         * Fires after a password reset key is retrieved.
     2233         *
     2234         * @since unknown
     2235         *
     2236         * @param WP_User $user_data The user object.
     2237         * @param string  $key       The password reset key.
     2238         */
     2239        do_action( 'retrieved_password_key', $user_data, $key );
     2240
     2241        return true;
     2242}
     2243
     2244/**
     2245 * Sends the retrieve password notification.
     2246 *
     2247 * @since unknown
     2248 *
     2249 * @param WP_User $user The user object.
     2250 * @param string $key   The password reset key.
     2251 */
     2252function wp_retrieve_password_notification( $user, $key ) {
     2253        if ( is_multisite() ) {
     2254                $site_name = get_network()->site_name;
     2255        } else {
     2256                /*
     2257                 * The blogname option is escaped with esc_html on the way into the database
     2258                 * in sanitize_option we want to reverse this for the plain text arena of emails.
     2259                 */
     2260                $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
     2261        }
     2262
     2263        $message = __( 'Someone has requested a password reset for the following account:' ) . "\r\n\r\n";
     2264        /* translators: %s: site name */
     2265        $message .= sprintf( __( 'Site Name: %s' ), $site_name ) . "\r\n\r\n";
     2266        /* translators: %s: user login */
     2267        $message .= sprintf( __( 'Username: %s' ), $user->user_login ) . "\r\n\r\n";
     2268        $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n";
     2269        $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";
     2270        $message .= '<' . network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user->user_login ), 'login' ) . ">\r\n";
     2271
     2272        /* translators: Password reset email subject. %s: Site name */
     2273        $title = sprintf( __( '[%s] Password Reset' ), $site_name );
     2274
     2275        /**
     2276         * Filters the subject of the password reset email.
     2277         *
     2278         * @since 2.8.0
     2279         * @since 4.4.0 Added the `$user_login` and `$user_data` parameters.
     2280         *
     2281         * @param string  $title      Default email title.
     2282         * @param string  $user_login The username for the user.
     2283         * @param WP_User $user       WP_User object.
     2284         */
     2285        $title = apply_filters( 'retrieve_password_title', $title, $user->user_login, $user );
     2286
     2287        /**
     2288         * Filters the message body of the password reset mail.
     2289         *
     2290         * If the filtered message is empty, the password reset email will not be sent.
     2291         *
     2292         * @since 2.8.0
     2293         * @since 4.1.0 Added `$user_login` and `$user_data` parameters.
     2294         *
     2295         * @param string  $message    Default mail message.
     2296         * @param string  $key        The activation key.
     2297         * @param string  $user_login The username for the user.
     2298         * @param WP_User $user       WP_User object.
     2299         */
     2300        $message = apply_filters( 'retrieve_password_message', $message, $key, $user->user_login, $user );
     2301
     2302        if ( $message && ! wp_mail( $user->user_email, wp_specialchars_decode( $title ), $message ) ) {
     2303                wp_die( __( 'The email could not be sent.' ) . "<br />\n" . __( 'Possible reason: your host may have disabled the mail() function.' ) );
     2304        }
     2305}
     2306
     2307/**
    21852308 * Creates, stores, then returns a password reset key for user.
    21862309 *
    21872310 * @since 4.4.0
  • wp-login.php

     
    310310        <?php
    311311}
    312312
    313 /**
    314  * Handles sending password retrieval email to user.
    315  *
    316  * @return bool|WP_Error True: when finish. WP_Error on error
    317  */
    318 function retrieve_password() {
    319         $errors = new WP_Error();
    320 
    321         if ( empty( $_POST['user_login'] ) || ! is_string( $_POST['user_login'] ) ) {
    322                 $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Enter a username or email address.' ) );
    323         } elseif ( strpos( $_POST['user_login'], '@' ) ) {
    324                 $user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) );
    325                 if ( empty( $user_data ) ) {
    326                         $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: There is no user registered with that email address.' ) );
    327                 }
    328         } else {
    329                 $login     = trim( $_POST['user_login'] );
    330                 $user_data = get_user_by( 'login', $login );
    331         }
    332 
    333         /**
    334          * Fires before errors are returned from a password reset request.
    335          *
    336          * @since 2.1.0
    337          * @since 4.4.0 Added the `$errors` parameter.
    338          *
    339          * @param WP_Error $errors A WP_Error object containing any errors generated
    340          *                         by using invalid credentials.
    341          */
    342         do_action( 'lostpassword_post', $errors );
    343 
    344         if ( $errors->has_errors() ) {
    345                 return $errors;
    346         }
    347 
    348         if ( ! $user_data ) {
    349                 $errors->add( 'invalidcombo', __( '<strong>ERROR</strong>: Invalid username or email.' ) );
    350                 return $errors;
    351         }
    352 
    353         // Redefining user_login ensures we return the right case in the email.
    354         $user_login = $user_data->user_login;
    355         $user_email = $user_data->user_email;
    356         $key        = get_password_reset_key( $user_data );
    357 
    358         if ( is_wp_error( $key ) ) {
    359                 return $key;
    360         }
    361 
    362         if ( is_multisite() ) {
    363                 $site_name = get_network()->site_name;
    364         } else {
    365                 /*
    366                  * The blogname option is escaped with esc_html on the way into the database
    367                  * in sanitize_option we want to reverse this for the plain text arena of emails.
    368                  */
    369                 $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
    370         }
    371 
    372         $message = __( 'Someone has requested a password reset for the following account:' ) . "\r\n\r\n";
    373         /* translators: %s: site name */
    374         $message .= sprintf( __( 'Site Name: %s' ), $site_name ) . "\r\n\r\n";
    375         /* translators: %s: user login */
    376         $message .= sprintf( __( 'Username: %s' ), $user_login ) . "\r\n\r\n";
    377         $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n";
    378         $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";
    379         $message .= '<' . network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . ">\r\n";
    380 
    381         /* translators: Password reset email subject. %s: Site name */
    382         $title = sprintf( __( '[%s] Password Reset' ), $site_name );
    383 
    384         /**
    385          * Filters the subject of the password reset email.
    386          *
    387          * @since 2.8.0
    388          * @since 4.4.0 Added the `$user_login` and `$user_data` parameters.
    389          *
    390          * @param string  $title      Default email title.
    391          * @param string  $user_login The username for the user.
    392          * @param WP_User $user_data  WP_User object.
    393          */
    394         $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data );
    395 
    396         /**
    397          * Filters the message body of the password reset mail.
    398          *
    399          * If the filtered message is empty, the password reset email will not be sent.
    400          *
    401          * @since 2.8.0
    402          * @since 4.1.0 Added `$user_login` and `$user_data` parameters.
    403          *
    404          * @param string  $message    Default mail message.
    405          * @param string  $key        The activation key.
    406          * @param string  $user_login The username for the user.
    407          * @param WP_User $user_data  WP_User object.
    408          */
    409         $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data );
    410 
    411         if ( $message && ! wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) {
    412                 wp_die( __( 'The email could not be sent.' ) . "<br />\n" . __( 'Possible reason: your host may have disabled the mail() function.' ) );
    413         }
    414 
    415         return true;
    416 }
    417 
    418313//
    419314// Main
    420315//