Make WordPress Core

Ticket #34281: 34281.16.diff

File 34281.16.diff, 1.1 KB (added by audrasjb, 3 years ago)

Remove the IP Address from Admin generated password reset

  • src/wp-includes/user.php

    diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php
    index 5c6db55afb..f84f141383 100644
    a b function retrieve_password( $user_login = null ) { 
    27682768        $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";
    27692769        $message .= network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . "\r\n\r\n";
    27702770
    2771         $requester_ip = $_SERVER['REMOTE_ADDR'];
    2772         if ( $requester_ip ) {
    2773                 $message .= sprintf(
    2774                         /* translators: %s: IP address of password reset requester. */
    2775                         __( 'This password reset request originated from the IP address %s.' ),
    2776                         $requester_ip
    2777                 ) . "\r\n";
     2771        if ( ! is_user_logged_in() ) {
     2772                $requester_ip = $_SERVER['REMOTE_ADDR'];
     2773                if ( $requester_ip ) {
     2774                        $message .= sprintf(
     2775                                /* translators: %s: IP address of password reset requester. */
     2776                                __( 'This password reset request originated from the IP address %s.' ),
     2777                                $requester_ip
     2778                        ) . "\r\n";
     2779                }
    27782780        }
    27792781
    27802782        /* translators: Password reset notification email subject. %s: Site title. */