Ticket #34281: 34281.8.diff
| File 34281.8.diff, 13.1 KB (added by , 6 years ago) |
|---|
-
src/js/_enqueues/admin/user-profile.js
diff --git src/js/_enqueues/admin/user-profile.js src/js/_enqueues/admin/user-profile.js index ec76df9c7f..a017684265 100644
142 142 }); 143 143 } 144 144 145 /** 146 * Handle the password reset button. Sets up an ajax callback to trigger sending 147 * a password reset email. 148 */ 149 function bindPasswordRestLink() { 150 $( '#generate-reset-link' ).on( 'click', function() { 151 var $this = $(this), 152 data = { 153 'user_id': userProfileL10n.user_id, // The user to send a reset to. 154 'nonce': userProfileL10n.nonce // Nonce to validate the action. 155 }; 156 157 // Remove any previous error messages. 158 $this.parent().find( '.notice-error' ).remove(); 159 160 // Send the reset request. 161 var resetAction = wp.ajax.post( 'send-password-reset', data ); 162 163 // Handle reset success. 164 resetAction.done( function( response ) { 165 addInlineNotice( $this, true, response ); 166 } ); 167 168 // Handle reset failure. 169 resetAction.fail( function( response ) { 170 addInlineNotice( $this, false, response ); 171 } ); 172 173 }); 174 175 } 176 177 /** 178 * Helper function to insert an inline notice of success or failure. 179 * 180 * @param {jQuery Object} $this The button element: the message will be inserted 181 * above this button 182 * @param {bool} success Whether the message is a success message. 183 * @param {string} message The message to insert. 184 */ 185 function addInlineNotice( $this, success, message ) { 186 var resultDiv = $( '<div />' ); 187 188 // Set up the notice div. 189 resultDiv.addClass( 'notice inline' ); 190 191 // Add a class indicating success or failure. 192 resultDiv.addClass( 'notice-' + ( success ? 'success' : 'error' ) ); 193 194 // Add the message, wrapping in a p tag, with a fadein to highlight each message. 195 resultDiv.text( $( $.parseHTML( message ) ).text() ).wrapInner( '<p />'); 196 197 // Disable the button when the callback has succeeded. 198 $this.prop( 'disabled', success ); 199 200 // Remove any previous notices. 201 $this.siblings( '.notice' ).remove(); 202 203 // Insert the notice. 204 $this.before( resultDiv ); 205 } 206 145 207 function bindPasswordForm() { 146 208 var $passwordWrapper, 147 209 $generateButton, … … 430 492 }); 431 493 432 494 bindPasswordForm(); 495 bindPasswordRestLink(); 433 496 }); 434 497 435 498 $( '#destroy-sessions' ).on( 'click', function( e ) { -
src/wp-admin/admin-ajax.php
diff --git src/wp-admin/admin-ajax.php src/wp-admin/admin-ajax.php index 93c32393e0..c13b1c0398 100644
$core_actions_post = array( 131 131 'edit-theme-plugin-file', 132 132 'wp-privacy-export-personal-data', 133 133 'wp-privacy-erase-personal-data', 134 'send-password-reset', 134 135 ); 135 136 136 137 // Deprecated -
src/wp-admin/includes/ajax-actions.php
diff --git src/wp-admin/includes/ajax-actions.php src/wp-admin/includes/ajax-actions.php index c565817914..b1fb84b43f 100644
function wp_ajax_wp_privacy_erase_personal_data() { 4833 4833 4834 4834 wp_send_json_success( $response ); 4835 4835 } 4836 4837 /** 4838 * Ajax handler sends a password reset link. 4839 * 4840 * @since 4.4.0 4841 */ 4842 function wp_ajax_send_password_reset() { 4843 4844 // Validate the nonce for this action. 4845 $user_id = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0; 4846 check_ajax_referer( 'reset-password-for-' . $user_id, 'nonce' ); 4847 4848 // Verify user capabilities. 4849 if ( ! current_user_can( 'edit_user', $user_id ) ) { 4850 wp_send_json_error( __( 'Cannot send password reset, permission denied.' ) ); 4851 } 4852 4853 // Send the password reset link. 4854 $user = get_userdata( $user_id ); 4855 $results = retrieve_password( $user->user_login ); 4856 4857 if ( true === $results ) { 4858 wp_send_json_success( 4859 /* translators: 1: User's display name. */ 4860 sprintf( __( 'A password reset link was emailed to %s.' ), $user->display_name ) 4861 ); 4862 } else { 4863 wp_send_json_error( $results ); 4864 } 4865 } -
src/wp-admin/includes/class-wp-users-list-table.php
diff --git src/wp-admin/includes/class-wp-users-list-table.php src/wp-admin/includes/class-wp-users-list-table.php index 28e1978721..1fb5697d11 100644
class WP_Users_List_Table extends WP_List_Table { 250 250 } 251 251 } 252 252 253 // Add a password reset link to the bulk actions dropdown. 254 if ( current_user_can( 'edit_users' ) ) { 255 $actions['resetpassword'] = __( 'Send password reset' ); 256 } 257 258 253 259 return $actions; 254 260 } 255 261 … … class WP_Users_List_Table extends WP_List_Table { 447 453 ); 448 454 } 449 455 456 // Add a link to send the user a reset password link by email. 457 if ( get_current_user_id() != $user_object->ID && current_user_can( 'edit_user', $user_object->ID ) ) 458 $actions['resetpassword'] = "<a class='resetpassword' href='" . wp_nonce_url( "users.php?action=resetpassword&users=$user_object->ID", 'bulk-users' ) . "'>" . __( 'Send password reset' ) . "</a>"; 459 460 450 461 /** 451 462 * Filters the action links displayed under each user in the Users list table. 452 463 * -
src/wp-admin/user-edit.php
diff --git src/wp-admin/user-edit.php src/wp-admin/user-edit.php index f1e605bf03..99517a654a 100644
endif; //!IS_PROFILE_PAGE 589 589 </p> 590 590 </td> 591 591 </tr> 592 <?php endif; ?> 593 <?php 594 // Allow admins to send reset password link 595 if ( ! IS_PROFILE_PAGE ) : 596 ?> 597 <tr class="user-sessions-wrap hide-if-no-js"> 598 <th><?php _e( 'Password Reset' ); ?></th> 599 <td> 600 <div class="generate-reset-link"> 601 <button type="button" class="button button-secondary" id="generate-reset-link"> 602 <?php _e( 'Send Reset Link' ); ?> 603 </button> 604 </div> 605 <p class="description"> 606 <?php 607 /* translators: 1: User's display name. */ 608 printf( __( 'Send %s a link to reset their password. This will not change their password, nor will it force a change.' ), esc_html( $profileuser->display_name ) ); 609 ?> 610 </p> 611 </td> 612 </tr> 592 613 <?php endif; ?> 593 614 594 615 <?php -
src/wp-admin/users.php
diff --git src/wp-admin/users.php src/wp-admin/users.php index b79e5a8672..228dddc1f7 100644
switch ( $wp_list_table->current_action() ) { 212 212 wp_redirect( $redirect ); 213 213 exit(); 214 214 215 case 'resetpassword': 216 check_admin_referer('bulk-users'); 217 if ( ! current_user_can( 'edit_users' ) ) { 218 $errors = new WP_Error( 'edit_users', __( 'You can’t edit users.' ) ); 219 } 220 if ( empty( $_REQUEST['users'] ) ) { 221 wp_redirect( $redirect ); 222 exit(); 223 } 224 $userids = array_map( 'intval', (array) $_REQUEST['users'] ); 225 226 $reset_count = 0; 227 228 foreach ( $userids as $id ) { 229 if ( ! current_user_can( 'edit_user', $id ) ) 230 wp_die(__( 'You can’t edit that user.' ) ); 231 232 if ( $id == $current_user->ID ) { 233 $update = 'err_admin_reset'; 234 continue; 235 } 236 237 // Send the password reset link. 238 $user = get_userdata( $id ); 239 if ( retrieve_password( $user->user_login ) ) { 240 ++$reset_count; 241 } 242 243 } 244 245 $redirect = add_query_arg( 246 array( 247 'reset_count' => $reset_count, 248 'update' => 'resetpassword', 249 ), $redirect 250 ); 251 wp_redirect( $redirect ); 252 exit(); 253 215 254 case 'delete': 216 255 if ( is_multisite() ) { 217 256 wp_die( __( 'User deletion is not allowed from this screen.' ), 400 ); … … switch ( $wp_list_table->current_action() ) { 487 526 $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . __( 'New user created.' ) . '</p></div>'; 488 527 } 489 528 break; 529 case 'resetpassword': 530 $reset_count = isset( $_GET['reset_count'] ) ? (int) $_GET['reset_count'] : 0; 531 if ( 1 === $reset_count ) { 532 $message = __( 'Password reset link sent.' ); 533 } else { 534 $message = sprintf( __( 'Password reset links sent to %s users.' ), $reset_count ); 535 } 536 $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . $message . '</p></div>'; 537 break; 490 538 case 'promote': 491 539 $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . __( 'Changed roles.' ) . '</p></div>'; 492 540 break; -
src/wp-includes/functions.php
diff --git src/wp-includes/functions.php src/wp-includes/functions.php index 4d3f46410a..e8ab0fa283 100644
function wp_update_php_annotation() { 6830 6830 ); 6831 6831 echo'</p>'; 6832 6832 } 6833 6834 6835 /** 6836 * Handles sending password retrieval email to user. 6837 * 6838 * @global wpdb $wpdb WordPress database abstraction object. 6839 * @global PasswordHash $wp_hasher Portable PHP password hashing framework. 6840 * @param string $user_login Optional user_login, default null. 6841 * Uses $_POST['user_login'] if $user_login not set. 6842 * 6843 * @return bool|WP_Error True: when finish. WP_Error on error 6844 */ 6845 function retrieve_password( $user_login = null ) { 6846 global $wpdb, $wp_hasher; 6847 6848 $errors = new WP_Error(); 6849 6850 // Use the passed $user_login if available, otherwise use $_POST['user_login']. 6851 if ( !$user_login && !empty( $_POST['user_login'] ) ) { 6852 $user_login = $_POST['user_login']; 6853 } 6854 6855 if ( empty( $user_login ) ) { 6856 $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or email address.')); 6857 } elseif ( strpos( $user_login, '@' ) ) { 6858 $user_data = get_user_by( 'email', sanitize_email( $user_login ) ); 6859 if ( empty( $user_data ) ) 6860 $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.')); 6861 } else { 6862 $user_data = get_user_by('login', sanitize_user( $user_login ) ); 6863 } 6864 6865 /** 6866 * Fires before errors are returned from a password reset request. 6867 * 6868 * @since 2.1.0 6869 * @since 4.4.0 Added the `$errors` parameter. 6870 * 6871 * @param WP_Error $errors A WP_Error object containing any errors generated 6872 * by using invalid credentials. 6873 */ 6874 do_action( 'lostpassword_post', $errors ); 6875 6876 if ( $errors->get_error_code() ) 6877 return $errors; 6878 6879 if ( !$user_data ) { 6880 $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or email.')); 6881 return $errors; 6882 } 6883 6884 // Redefining user_login ensures we return the right case in the email. 6885 $user_login = $user_data->user_login; 6886 $user_email = $user_data->user_email; 6887 $key = get_password_reset_key( $user_data ); 6888 6889 if ( is_wp_error( $key ) ) { 6890 return $key; 6891 } 6892 6893 $message = __('Someone requested that the password be reset for the following account:') . "\r\n\r\n"; 6894 $message .= network_home_url( '/' ) . "\r\n\r\n"; 6895 $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; 6896 $message .= __('If this was a mistake, just ignore this email and nothing will happen.') . "\r\n\r\n"; 6897 $message .= __('To reset your password, visit the following address:') . "\r\n\r\n"; 6898 $message .= '<' . network_site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . ">\r\n"; 6899 6900 if ( is_multisite() ) 6901 $blogname = $GLOBALS['current_site']->site_name; 6902 else 6903 /* 6904 * The blogname option is escaped with esc_html on the way into the database 6905 * in sanitize_option we want to reverse this for the plain text arena of emails. 6906 */ 6907 $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); 6908 6909 $title = sprintf( __('[%s] Password Reset'), $blogname ); 6910 6911 /** 6912 * Filter the subject of the password reset email. 6913 * 6914 * @since 2.8.0 6915 * @since 4.4.0 Added the `$user_login` and `$user_data` parameters. 6916 * 6917 * @param string $title Default email title. 6918 * @param string $user_login The username for the user. 6919 * @param WP_User $user_data WP_User object. 6920 */ 6921 $title = apply_filters( 'retrieve_password_title', $title, $user_login, $user_data ); 6922 6923 /** 6924 * Filter the message body of the password reset mail. 6925 * 6926 * @since 2.8.0 6927 * @since 4.1.0 Added `$user_login` and `$user_data` parameters. 6928 * 6929 * @param string $message Default mail message. 6930 * @param string $key The activation key. 6931 * @param string $user_login The username for the user. 6932 * @param WP_User $user_data WP_User object. 6933 */ 6934 $message = apply_filters( 'retrieve_password_message', $message, $key, $user_login, $user_data ); 6935 6936 if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) 6937 wp_die( __('The email could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function.') ); 6938 6939 return true; 6940 } -
src/wp-includes/script-loader.php
diff --git src/wp-includes/script-loader.php src/wp-includes/script-loader.php index 9e75261959..4a6d989160 100644
function wp_default_scripts( &$scripts ) { 1307 1307 ) 1308 1308 ); 1309 1309 1310 $user_id = isset( $_GET['user_id'] ) ? (int) $_GET['user_id'] : 0; 1310 1311 $scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array( 'jquery', 'password-strength-meter', 'wp-util' ), false, 1 ); 1311 1312 did_action( 'init' ) && $scripts->localize( 1312 1313 'user-profile', … … function wp_default_scripts( &$scripts ) { 1319 1320 'cancel' => __( 'Cancel' ), 1320 1321 'ariaShow' => esc_attr__( 'Show password' ), 1321 1322 'ariaHide' => esc_attr__( 'Hide password' ), 1323 'user_id' => $user_id, 1324 'nonce' => wp_create_nonce( 'reset-password-for-' . $user_id ), 1322 1325 ) 1323 1326 ); 1324 1327