Ticket #34281: 34281.7.diff
File 34281.7.diff, 13.2 KB (added by , 6 years ago) |
---|
-
src/js/_enqueues/admin/user-profile.js
diff --git src/js/_enqueues/admin/user-profile.js src/js/_enqueues/admin/user-profile.js index 7fa3064400..dca6573106 100644
154 154 }); 155 155 } 156 156 157 /** 158 * Handle the password reset button. Sets up an ajax callback to trigger sending 159 * a password reset email. 160 */ 161 function bindPasswordRestLink() { 162 $( '#generate-reset-link' ).on( 'click', function() { 163 var $this = $(this), 164 data = { 165 'user_id': userProfileL10n.user_id, // The user to send a reset to. 166 'nonce': userProfileL10n.nonce // Nonce to validate the action. 167 }; 168 169 // Remove any previous error messages. 170 $this.parent().find( '.notice-error' ).remove(); 171 172 // Send the reset request. 173 var resetAction = wp.ajax.post( 'send-password-reset', data ); 174 175 // Handle reset success. 176 resetAction.done( function( response ) { 177 addInlineNotice( $this, true, response ); 178 } ); 179 180 // Handle reset failure. 181 resetAction.fail( function( response ) { 182 addInlineNotice( $this, false, response ); 183 } ); 184 185 }); 186 187 } 188 189 /** 190 * Helper function to insert an inline notice of success or failure. 191 * 192 * @param {jQuery Object} $this The button element: the message will be inserted 193 * above this button 194 * @param {bool} success Whether the message is a success message. 195 * @param {string} message The message to insert. 196 */ 197 function addInlineNotice( $this, success, message ) { 198 var resultDiv = $( '<div />' ); 199 200 // Set up the notice div. 201 resultDiv.addClass( 'notice inline' ); 202 203 // Add a class indicating success or failure. 204 resultDiv.addClass( 'notice-' + ( success ? 'success' : 'error' ) ); 205 206 // Add the message, wrapping in a p tag, with a fadein to highlight each message. 207 resultDiv.text( $( $.parseHTML( message ) ).text() ).wrapInner( '<p />'); 208 209 // Disable the button when the callback has succeeded. 210 $this.prop( 'disabled', success ); 211 212 // Remove any previous notices. 213 $this.siblings( '.notice' ).remove(); 214 215 // Insert the notice. 216 $this.before( resultDiv ); 217 } 218 157 219 function bindPasswordForm() { 158 220 var $passwordWrapper, 159 221 $generateButton, … … 442 504 }); 443 505 444 506 bindPasswordForm(); 507 bindPasswordRestLink(); 445 508 }); 446 509 447 510 $( '#destroy-sessions' ).on( 'click', function( e ) { -
src/wp-admin/admin-ajax.php
diff --git src/wp-admin/admin-ajax.php src/wp-admin/admin-ajax.php index 93c32393e0..c13b1c0398 100644
$core_actions_post = array( 131 131 'edit-theme-plugin-file', 132 132 'wp-privacy-export-personal-data', 133 133 'wp-privacy-erase-personal-data', 134 'send-password-reset', 134 135 ); 135 136 136 137 // Deprecated -
src/wp-admin/includes/ajax-actions.php
diff --git src/wp-admin/includes/ajax-actions.php src/wp-admin/includes/ajax-actions.php index 6526a10667..9b4f0d6ed4 100644
function wp_ajax_wp_privacy_erase_personal_data() { 4769 4769 4770 4770 wp_send_json_success( $response ); 4771 4771 } 4772 4773 /** 4774 * Ajax handler sends a password reset link. 4775 * 4776 * @since 4.4.0 4777 */ 4778 function wp_ajax_send_password_reset() { 4779 4780 // Validate the nonce for this action. 4781 $user_id = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0; 4782 check_ajax_referer( 'reset-password-for-' . $user_id, 'nonce' ); 4783 4784 // Verify user capabilities. 4785 if ( ! current_user_can( 'edit_user', $user_id ) ) { 4786 wp_send_json_error( __( 'Cannot send password reset, permission denied.' ) ); 4787 } 4788 4789 // Send the password reset link. 4790 $user = get_userdata( $user_id ); 4791 $results = retrieve_password( $user->user_login ); 4792 4793 if ( true === $results ) { 4794 wp_send_json_success( 4795 /* translators: 1: User's display name. */ 4796 sprintf( __( 'A password reset link was emailed to %s.' ), $user->display_name ) 4797 ); 4798 } else { 4799 wp_send_json_error( $results ); 4800 } 4801 } -
src/wp-admin/includes/class-wp-users-list-table.php
diff --git src/wp-admin/includes/class-wp-users-list-table.php src/wp-admin/includes/class-wp-users-list-table.php index 5d7cfde73f..ceed535bcb 100644
class WP_Users_List_Table extends WP_List_Table { 250 250 } 251 251 } 252 252 253 // Add a password reset link to the bulk actions dropdown. 254 if ( current_user_can( 'edit_users' ) ) { 255 $actions['resetpassword'] = __( 'Send password reset' ); 256 } 257 258 253 259 return $actions; 254 260 } 255 261 … … class WP_Users_List_Table extends WP_List_Table { 447 453 ); 448 454 } 449 455 456 // Add a link to send the user a reset password link by email. 457 if ( get_current_user_id() != $user_object->ID && current_user_can( 'edit_user', $user_object->ID ) ) 458 $actions['resetpassword'] = "<a class='resetpassword' href='" . wp_nonce_url( "users.php?action=resetpassword&users=$user_object->ID", 'bulk-users' ) . "'>" . __( 'Send password reset' ) . "</a>"; 459 460 450 461 /** 451 462 * Filters the action links displayed under each user in the Users list table. 452 463 * -
src/wp-admin/user-edit.php
diff --git src/wp-admin/user-edit.php src/wp-admin/user-edit.php index 3a469a3db0..df81a12e04 100644
if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_c 589 589 </p> 590 590 </td> 591 591 </tr> 592 <?php endif; ?> 593 <?php 594 // Allow admins to send reset password link 595 if ( ! IS_PROFILE_PAGE ) : 596 ?> 597 <tr class="user-sessions-wrap hide-if-no-js"> 598 <th><?php _e( 'Password Reset' ); ?></th> 599 <td> 600 <div class="generate-reset-link"> 601 <button type="button" class="button button-secondary" id="generate-reset-link"> 602 <?php _e( 'Send Reset Link' ); ?> 603 </button> 604 </div> 605 <p class="description"> 606 <?php 607 /* translators: 1: User's display name. */ 608 printf( __( 'Send %s a link to reset their password. This will not change their password, nor will it force a change.' ), esc_html( $profileuser->display_name ) ); 609 ?> 610 </p> 611 </td> 612 </tr> 592 613 <?php endif; ?> 593 614 594 615 <?php -
src/wp-admin/users.php
diff --git src/wp-admin/users.php src/wp-admin/users.php index 42ce41e87e..6a5ff0321a 100644
switch ( $wp_list_table->current_action() ) { 212 212 wp_redirect( $redirect ); 213 213 exit(); 214 214 215 case 'resetpassword': 216 check_admin_referer('bulk-users'); 217 if ( ! current_user_can( 'edit_users' ) ) { 218 $errors = new WP_Error( 'edit_users', __( 'You can’t edit users.' ) ); 219 } 220 if ( empty( $_REQUEST['users'] ) ) { 221 wp_redirect( $redirect ); 222 exit(); 223 } 224 $userids = array_map( 'intval', (array) $_REQUEST['users'] ); 225 226 $reset_count = 0; 227 228 foreach ( $userids as $id ) { 229 if ( ! current_user_can( 'edit_user', $id ) ) 230 wp_die(__( 'You can’t edit that user.' ) ); 231 232 if ( $id == $current_user->ID ) { 233 $update = 'err_admin_reset'; 234 continue; 235 } 236 237 // Send the password reset link. 238 $user = get_userdata( $id ); 239 if ( retrieve_password( $user->user_login ) ) { 240 ++$reset_count; 241 } 242 243 } 244 245 $redirect = add_query_arg( 246 array( 247 'reset_count' => $reset_count, 248 'update' => 'resetpassword', 249 ), $redirect 250 ); 251 wp_redirect( $redirect ); 252 exit(); 253 215 254 case 'delete': 216 255 if ( is_multisite() ) { 217 256 wp_die( __( 'User deletion is not allowed from this screen.' ), 400 ); … … switch ( $wp_list_table->current_action() ) { 487 526 $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . __( 'New user created.' ) . '</p></div>'; 488 527 } 489 528 break; 529 case 'resetpassword': 530 $reset_count = isset( $_GET['reset_count'] ) ? (int) $_GET['reset_count'] : 0; 531 if ( 1 === $reset_count ) { 532 $message = __( 'Password reset link sent.' ); 533 } else { 534 $message = sprintf( __( 'Password reset links sent to %s users.' ), $reset_count ); 535 } 536 $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . $message . '</p></div>'; 537 break; 490 538 case 'promote': 491 539 $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . __( 'Changed roles.' ) . '</p></div>'; 492 540 break; -
src/wp-includes/functions.php
diff --git src/wp-includes/functions.php src/wp-includes/functions.php index 9a8b4cf911..cde4749cce 100644
function wp_get_update_php_url() { 6649 6649 function wp_get_default_update_php_url() { 6650 6650 return _x( 'https://wordpress.org/support/update-php/', 'localized PHP upgrade information page' ); 6651 6651 } 6652 6653 /** 6654 * Handles sending password retrieval email to user. 6655 * 6656 * @global wpdb $wpdb WordPress database abstraction object. 6657 * @global PasswordHash $wp_hasher Portable PHP password hashing framework. 6658 * @param string $user_login Optional user_login, default null. 6659 * Uses $_POST['user_login'] if $user_login not set. 6660 * 6661 * @return bool|WP_Error True: when finish. WP_Error on error 6662 */ 6663 function retrieve_password( $user_login = null ) { 6664 global $wpdb, $wp_hasher; 6665 6666 $errors = new WP_Error(); 6667 6668 // Use the passed $user_login if available, otherwise use $_POST['user_login']. 6669 if ( !$user_login && !empty( $_POST['user_login'] ) ) { 6670 $user_login = $_POST['user_login']; 6671 } 6672 6673 if ( empty( $user_login ) ) { 6674 $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or email address.')); 6675 } elseif ( strpos( $user_login, '@' ) ) { 6676 $user_data = get_user_by( 'email', sanitize_email( $user_login ) ); 6677 if ( empty( $user_data ) ) 6678 $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.')); 6679 } else { 6680 $user_data = get_user_by('login', sanitize_user( $user_login ) ); 6681 } 6682 6683 /** 6684 * Fires before errors are returned from a password reset request. 6685 * 6686 * @since 2.1.0 6687 * @since 4.4.0 Added the `$errors` parameter. 6688 * 6689 * @param WP_Error $errors A WP_Error object containing any errors generated 6690 * by using invalid credentials. 6691 */ 6692 do_action( 'lostpassword_post', $errors ); 6693 6694 if ( $errors->get_error_code() ) 6695 return $errors; 6696 6697 if ( !$user_data ) { 6698 $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or email.')); 6699 return $errors; 6700 } 6701 6702 // Redefining user_login ensures we return the right case in the email. 6703 $user_login = $user_data->user_login; 6704 $user_email = $user_data->user_email; 6705 $key = get_password_reset_key( $user_data ); 6706 6707 if ( is_wp_error( $key ) ) { 6708 return $key; 6709 } 6710 6711 $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n"; 6712 $message .= network_home_url( '/' ) . "\r\n\r\n"; 6713 $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; 6714 $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n"; 6715 $message .= __('To reset your password, visit the following address:') . "\r\n\r\n"; 6716 $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n"; 6717 6718 if ( is_multisite() ) 6719 $blogname = $GLOBALS['current_site']->site_name; 6720 else 6721 /* 6722 * The blogname option is escaped with esc_html on the way into the database 6723 * in sanitize_option we want to reverse this for the plain text arena of emails. 6724 */ 6725 $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); 6726 6727 $title = sprintf( __('[%s] Password Reset'), $blogname ); 6728 6729 /** 6730 * Filter the subject of the password reset email. 6731 * 6732 * @since 2.8.0 6733 * @since 4.4.0 Added the `$user_login` and `$user_data` parameters. 6734 * 6735 * @param string $title Default email title. 6736 * @param string $user_login The username for the user. 6737 * @param WP_User $user_data WP_User object. 6738 */ 6739 $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data ); 6740 6741 /** 6742 * Filter the message body of the password reset mail. 6743 * 6744 * @since 2.8.0 6745 * @since 4.1.0 Added `$user_login` and `$user_data` parameters. 6746 * 6747 * @param string $message Default mail message. 6748 * @param string $key The activation key. 6749 * @param string $user_login The username for the user. 6750 * @param WP_User $user_data WP_User object. 6751 */ 6752 $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data ); 6753 6754 if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) 6755 wp_die( __('The email could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') ); 6756 6757 return true; 6758 } -
src/wp-includes/script-loader.php
diff --git src/wp-includes/script-loader.php src/wp-includes/script-loader.php index bc21f9cbac..4b33eda072 100644
function wp_default_scripts( &$scripts ) { 1307 1307 ) 1308 1308 ); 1309 1309 1310 $user_id = isset( $_GET['user_id'] ) ? (int) $_GET['user_id'] : 0; 1310 1311 $scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter', 'wp-util' ), false, 1 ); 1311 1312 did_action( 'init' ) && $scripts->localize( 1312 1313 'user-profile', … … function wp_default_scripts( &$scripts ) { 1319 1320 'cancel' => __( 'Cancel' ), 1320 1321 'ariaShow' => esc_attr__( 'Show password' ), 1321 1322 'ariaHide' => esc_attr__( 'Hide password' ), 1323 'user_id' => $user_id, 1324 'nonce' => wp_create_nonce( 'reset-password-for-' . $user_id ), 1322 1325 ) 1323 1326 ); 1324 1327