Ticket #32430: 32430.rmarks.patch

wp-includes/pluggable.php

@@ -1654 +1654 @@
 /**
  * Notify the blog admin of a user changing password, normally via email.
  *
+ * Notify the user of any change to their password, also via email.
+ *
  * @since 2.7.0
  *
  * @param object $user User Object
  */
 function wp_password_change_notification(&$user) {
-        // send a copy of password change notification to the admin
+        // send password change notification to the admin
         // but check to see if it's the admin whose password we're changing, and skip this
         if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) {
                 $message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n";
@@ -1667 +1669 @@
                 // we want to reverse this for the plain text arena of emails.
                 $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
                 wp_mail(get_option('admin_email'), sprintf(__('[%s] Password Lost/Changed'), $blogname), $message);
+
+        //send password change notification to the user
+        } else {
+                /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
+                $email_text = __( 'Howdy ###USERNAME###,
+
+This notice is confirming you recently changed your password on ###SITENAME###.
+
+If you did not change your password, please contact the Site Administrator at
+###ADMIN_EMAIL###
+
+This email has been sent to ###EMAIL###
+
+Regards,
+All at ###SITENAME###
+###SITEURL###' );
+
+                /**
+                 * Filter the email text sent when the user's password is changed.
+                 *
+                 * The following strings have a special meaning and will get replaced dynamically:
+                 * ###USERNAME###    The current user's username.
+                 * ###ADMIN_EMAIL### The link to click on to confirm the email change.
+                 * ###EMAIL###       The new email.
+                 * ###SITENAME###    The name of the site.
+                 * ###SITEURL###     The URL to the site.
+                 *
+                 * @since 4.3
+                 *
+                 * @param string $email_text      Text in the email.
+                 */
+                $content = apply_filters( 'user_password_change_email_content', $email_text );
+
+                $content = str_replace( '###USERNAME###', $user->user_login, $content );
+                $content = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $content );
+                $content = str_replace( '###EMAIL###', $user->user_email, $content );
+                $content = str_replace( '###SITENAME###', get_option( 'blogname' ), $content );
+                $content = str_replace( '###SITEURL###', get_option( 'siteurl' ), $content );
+
+                wp_mail( $user->user_email, sprintf( __( '[%s] Notice of Password Change' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content );
         }
 }
 endif;