Make WordPress Core

Ticket #34281: 34281.15.diff

File 34281.15.diff, 2.4 KB (added by audrasjb, 3 years ago)

Remove the IP Address from Admin generated password reset

  • src/wp-admin/includes/ajax-actions.php

    diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php
    index a6f4a21e45..8174eeaf63 100644
    a b function wp_ajax_send_password_reset() { 
    54255425
    54265426        // Send the password reset link.
    54275427        $user    = get_userdata( $user_id );
    5428         $results = retrieve_password( $user->user_login );
     5428        $results = retrieve_password( $user->user_login, 'send_password_reset_from_admin' );
    54295429
    54305430        if ( true === $results ) {
    54315431                wp_send_json_success(
  • src/wp-includes/user.php

    diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php
    index 5c6db55afb..6e8a024233 100644
    a b function check_password_reset_key( $key, $login ) { 
    26662666 *
    26672667 * @param string $user_login Optional. Username to send a password retrieval email for.
    26682668 *                           Defaults to `$_POST['user_login']` if not set.
     2669 * @param string $context    Optional. Context to send a password retrieval email for.
     2670 *                           Used to avoid sending the Admin IP address when the password
     2671 *                           reset was not asked by the user.
    26692672 * @return true|WP_Error True when finished, WP_Error object on error.
    26702673 */
    2671 function retrieve_password( $user_login = null ) {
     2674function retrieve_password( $user_login = null, $context = '' ) {
    26722675        $errors    = new WP_Error();
    26732676        $user_data = false;
    26742677
    function retrieve_password( $user_login = null ) { 
    27682771        $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";
    27692772        $message .= network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . "\r\n\r\n";
    27702773
    2771         $requester_ip = $_SERVER['REMOTE_ADDR'];
    2772         if ( $requester_ip ) {
    2773                 $message .= sprintf(
    2774                         /* translators: %s: IP address of password reset requester. */
    2775                         __( 'This password reset request originated from the IP address %s.' ),
    2776                         $requester_ip
    2777                 ) . "\r\n";
     2774        if ( 'send_password_reset_from_admin' !== $context ) {
     2775                $requester_ip = $_SERVER['REMOTE_ADDR'];
     2776                if ( $requester_ip ) {
     2777                        $message .= sprintf(
     2778                                /* translators: %s: IP address of password reset requester. */
     2779                                __( 'This password reset request originated from the IP address %s.' ),
     2780                                $requester_ip
     2781                        ) . "\r\n";
     2782                }
    27782783        }
    27792784
    27802785        /* translators: Password reset notification email subject. %s: Site title. */