Ticket #31039: 31039.4.patch

wp-includes/default-filters.php

@@ -417 +417 @@
 // Email notifications.
 add_action( 'comment_post', 'wp_new_comment_notify_moderator' );
 add_action( 'comment_post', 'wp_new_comment_notify_postauthor' );
+add_action( 'retrieved_password_key', 'wp_retrieve_password_notification', 10, 2 );
 add_action( 'after_password_reset', 'wp_password_change_notification' );
 add_action( 'register_new_user', 'wp_send_new_user_notifications' );
 add_action( 'edit_user_created_user', 'wp_send_new_user_notifications', 10, 2 );

wp-includes/user.php

@@ -1370 +1370 @@
 
 /**
  * Determines whether the given username exists.
- * 
+ *
  * For more information on this and similar theme functions, check out
- * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ 
+ * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
  * Conditional Tags} article in the Theme Developer Handbook.
  *
  * @since 2.0.0
@@ -1400 +1400 @@
 
 /**
  * Determines whether the given email exists.
- * 
+ *
  * For more information on this and similar theme functions, check out
- * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ 
+ * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
  * Conditional Tags} article in the Theme Developer Handbook.
  *
  * @since 2.1.0
@@ -2182 +2182 @@
 }
 
 /**
+ * Handles sending password retrieval email to user.
+ *
+ * @since unknown
+ *
+ * @return bool|WP_Error True: when finish. WP_Error on error
+ */
+function retrieve_password() {
+        $errors = new WP_Error();
+
+        if ( empty( $_POST['user_login'] ) || ! is_string( $_POST['user_login'] ) ) {
+                $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Enter a username or email address.' ) );
+        } elseif ( strpos( $_POST['user_login'], '@' ) ) {
+                $user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) );
+                if ( empty( $user_data ) ) {
+                        $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: There is no user registered with that email address.' ) );
+                }
+        } else {
+                $login     = trim( $_POST['user_login'] );
+                $user_data = get_user_by( 'login', $login );
+        }
+
+        /**
+         * Fires before errors are returned from a password reset request.
+         *
+         * @since 2.1.0
+         * @since 4.4.0 Added the `$errors` parameter.
+         *
+         * @param WP_Error $errors A WP_Error object containing any errors generated
+         *                         by using invalid credentials.
+         */
+        do_action( 'lostpassword_post', $errors );
+
+        if ( $errors->has_errors() ) {
+                return $errors;
+        }
+
+        if ( ! $user_data ) {
+                $errors->add( 'invalidcombo', __( '<strong>ERROR</strong>: Invalid username or email.' ) );
+                return $errors;
+        }
+
+        $key = get_password_reset_key( $user_data );
+        if ( is_wp_error( $key ) ) {
+                return $key;
+        }
+
+        /**
+         * Fires after a password reset key is retrieved.
+         *
+         * @since unknown
+         *
+         * @param WP_User $user_data The user object.
+         * @param string  $key       The password reset key.
+         */
+        do_action( 'retrieved_password_key', $user_data, $key );
+
+        return true;
+}
+
+/**
+ * Sends the retrieve password notification.
+ *
+ * @since unknown
+ *
+ * @param WP_User $user The user object.
+ * @param string $key   The password reset key.
+ */
+function wp_retrieve_password_notification( $user, $key ) {
+        if ( is_multisite() ) {
+                $site_name = get_network()->site_name;
+        } else {
+                /*
+                 * The blogname option is escaped with esc_html on the way into the database
+                 * in sanitize_option we want to reverse this for the plain text arena of emails.
+                 */
+                $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
+        }
+
+        $message = __( 'Someone has requested a password reset for the following account:' ) . "\r\n\r\n";
+        /* translators: %s: site name */
+        $message .= sprintf( __( 'Site Name: %s' ), $site_name ) . "\r\n\r\n";
+        /* translators: %s: user login */
+        $message .= sprintf( __( 'Username: %s' ), $user->user_login ) . "\r\n\r\n";
+        $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n";
+        $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";
+        $message .= '<' . network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user->user_login ), 'login' ) . ">\r\n";
+
+        /* translators: Password reset email subject. %s: Site name */
+        $title = sprintf( __( '[%s] Password Reset' ), $site_name );
+
+        /**
+         * Filters the subject of the password reset email.
+         *
+         * @since 2.8.0
+         * @since 4.4.0 Added the `$user_login` and `$user_data` parameters.
+         *
+         * @param string  $title      Default email title.
+         * @param string  $user_login The username for the user.
+         * @param WP_User $user       WP_User object.
+         */
+        $title = apply_filters( 'retrieve_password_title', $title, $user->user_login, $user );
+
+        /**
+         * Filters the message body of the password reset mail.
+         *
+         * If the filtered message is empty, the password reset email will not be sent.
+         *
+         * @since 2.8.0
+         * @since 4.1.0 Added `$user_login` and `$user_data` parameters.
+         *
+         * @param string  $message    Default mail message.
+         * @param string  $key        The activation key.
+         * @param string  $user_login The username for the user.
+         * @param WP_User $user       WP_User object.
+         */
+        $message = apply_filters( 'retrieve_password_message', $message, $key, $user->user_login, $user );
+
+        if ( $message && ! wp_mail( $user->user_email, wp_specialchars_decode( $title ), $message ) ) {
+                wp_die( __( 'The email could not be sent.' ) . "<br />\n" . __( 'Possible reason: your host may have disabled the mail() function.' ) );
+        }
+}
+
+/**
  * Creates, stores, then returns a password reset key for user.
  *
  * @since 4.4.0

wp-login.php

@@ -310 +310 @@
         <?php
 }
 
-/**
- * Handles sending password retrieval email to user.
- *
- * @return bool|WP_Error True: when finish. WP_Error on error
- */
-function retrieve_password() {
-        $errors = new WP_Error();
-
-        if ( empty( $_POST['user_login'] ) || ! is_string( $_POST['user_login'] ) ) {
-                $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Enter a username or email address.' ) );
-        } elseif ( strpos( $_POST['user_login'], '@' ) ) {
-                $user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) );
-                if ( empty( $user_data ) ) {
-                        $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: There is no user registered with that email address.' ) );
-                }
-        } else {
-                $login     = trim( $_POST['user_login'] );
-                $user_data = get_user_by( 'login', $login );
-        }
-
-        /**
-         * Fires before errors are returned from a password reset request.
-         *
-         * @since 2.1.0
-         * @since 4.4.0 Added the `$errors` parameter.
-         *
-         * @param WP_Error $errors A WP_Error object containing any errors generated
-         *                         by using invalid credentials.
-         */
-        do_action( 'lostpassword_post', $errors );
-
-        if ( $errors->has_errors() ) {
-                return $errors;
-        }
-
-        if ( ! $user_data ) {
-                $errors->add( 'invalidcombo', __( '<strong>ERROR</strong>: Invalid username or email.' ) );
-                return $errors;
-        }
-
-        // Redefining user_login ensures we return the right case in the email.
-        $user_login = $user_data->user_login;
-        $user_email = $user_data->user_email;
-        $key        = get_password_reset_key( $user_data );
-
-        if ( is_wp_error( $key ) ) {
-                return $key;
-        }
-
-        if ( is_multisite() ) {
-                $site_name = get_network()->site_name;
-        } else {
-                /*
-                 * The blogname option is escaped with esc_html on the way into the database
-                 * in sanitize_option we want to reverse this for the plain text arena of emails.
-                 */
-                $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
-        }
-
-        $message = __( 'Someone has requested a password reset for the following account:' ) . "\r\n\r\n";
-        /* translators: %s: site name */
-        $message .= sprintf( __( 'Site Name: %s' ), $site_name ) . "\r\n\r\n";
-        /* translators: %s: user login */
-        $message .= sprintf( __( 'Username: %s' ), $user_login ) . "\r\n\r\n";
-        $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n";
-        $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";
-        $message .= '<' . network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . ">\r\n";
-
-        /* translators: Password reset email subject. %s: Site name */
-        $title = sprintf( __( '[%s] Password Reset' ), $site_name );
-
-        /**
-         * Filters the subject of the password reset email.
-         *
-         * @since 2.8.0
-         * @since 4.4.0 Added the `$user_login` and `$user_data` parameters.
-         *
-         * @param string  $title      Default email title.
-         * @param string  $user_login The username for the user.
-         * @param WP_User $user_data  WP_User object.
-         */
-        $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data );
-
-        /**
-         * Filters the message body of the password reset mail.
-         *
-         * If the filtered message is empty, the password reset email will not be sent.
-         *
-         * @since 2.8.0
-         * @since 4.1.0 Added `$user_login` and `$user_data` parameters.
-         *
-         * @param string  $message    Default mail message.
-         * @param string  $key        The activation key.
-         * @param string  $user_login The username for the user.
-         * @param WP_User $user_data  WP_User object.
-         */
-        $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data );
-
-        if ( $message && ! wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) {
-                wp_die( __( 'The email could not be sent.' ) . "<br />\n" . __( 'Possible reason: your host may have disabled the mail() function.' ) );
-        }
-
-        return true;
-}
-
 //
 // Main
 //