
Ticket #37604: 37604.diff

File 37604.diff, 9.0 KB (added by birgire, 6 years ago)
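--- a/src/wp-admin/js/user-profile.js
+++ b/src/wp-admin/js/user-profile.js
@@ -278,7 +278,9 @@
         }
 
         function check_pass_strength() {
-                var pass1 = $('#pass1').val(), strength;
+                var pass1 = $('#pass1').val(),
+                        $passScore = $('#wp-reset-pass-score'),
+                        strength;
 
                 $('#pass-strength-result').removeClass('short bad good strong');
                 if ( ! pass1 ) {
@@ -307,6 +309,7 @@
                         default:
                                 $('#pass-strength-result').addClass('short').html( pwsL10n['short'] );
                 }
+                $passScore.val( strength );
         }
 
         function showOrHideWeakPasswordCheckbox() {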
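Review bot: `$passScore.val( strength )` is written only at the very end of `check_pass_strength()`, so if the `if ( ! pass1 )` branch returns early (its body lies outside the hunk), emptying the password field leaves the previously computed score in `#wp-reset-pass-score` and that stale value is what gets submitted. Resetting the field in that branch, e.g. `$passScore.val( '' );`, would keep the hidden input in step with what is actually typed. The function also runs on screens that do not render the hidden input, where the selector presumably matches nothing and the write is a no-op; a one-line comment such as `// Only present on the reset-password form.` next to the lookup would make that intent explicit.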
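--- a/src/wp-includes/default-filters.php
+++ b/src/wp-includes/default-filters.php
@@ -418,7 +418,7 @@ add_action( 'wp_split_shared_term_batch', '_wp_batch_split_terms' );
 // Email notifications.
 add_action( 'comment_post', 'wp_new_comment_notify_moderator' );
 add_action( 'comment_post', 'wp_new_comment_notify_postauthor' );
-add_action( 'after_password_reset', 'wp_password_change_notification' );
+add_action( 'after_password_reset', 'wp_password_change_notification', 10, 3 );
 add_action( 'register_new_user', 'wp_send_new_user_notifications' );
 add_action( 'edit_user_created_user', 'wp_send_new_user_notifications', 10, 2 );
 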
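Review bot: Raising the accepted-argument count to 3 on the `after_password_reset` registration now hands the plaintext `$new_pass` to `wp_password_change_notification()`, a function whose only job is to build an e-mail and which, in the body visible on this page, never reads it. The password is forwarded solely because `$pass_score` is the third positional hook argument, and since the function is pluggable (it sits behind `function_exists()` in pluggable.php) any replacement will start receiving the plaintext as well. I would at least document that at the registration, e.g. `// $new_pass is forwarded only to reach $pass_score; it must never be written into the notification.`, or register a small adapter that passes on only the user and the score.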
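--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1816,15 +1816,37 @@ if ( ! function_exists( 'wp_password_change_notification' ) ) :
          * Notify the blog admin of a user changing password, normally via email.
          *
          * @since 2.7.0
-         *
-         * @param WP_User $user User object.
+         * @since x.x.x Adds the `$new_pass` input argument.
+         * @since x.x.x Adds the `$pass_score` input argument.
+         *
+         * @param WP_User $user       User object.
+         * @param string  $new_pass   New password for the user in plaintext. Default null.
+         * @param int     $pass_score The password strength score for the new password. Expected values:
+         *                            -1 (unknown), 0 (worst), 1 (very weak), 2 (weak), 3 (medium), 4 (strong), 5 (mismatch)
+         *                            Default null.
          */
-        function wp_password_change_notification( $user ) {
+        function wp_password_change_notification( $user, $new_pass = null, $pass_score = null ) {
                 // send a copy of password change notification to the admin
                 // but check to see if it's the admin whose password we're changing, and skip this
                 if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) {
                         /* translators: %s: user name */
                         $message = sprintf( __( 'Password changed for user: %s' ), $user->user_login ) . "\r\n";
+
+                        $pass_score_labels = array(
+                                -1 => _x( 'Password strength unknown', 'password strength' ),
+                                0  => _x( 'Very weak', 'password strength' ), // Match the form notice seen by the user.
+                                1  => _x( 'Very weak', 'password strength' ),
+                                2  => _x( 'Weak', 'password strength' ),
+                                3  => _x( 'Medium', 'password strength' ),
+                                4  => _x( 'Strong', 'password strength' ),
+                                5  => _x( 'Mismatch', 'password mismatch' ),
+                        );
+
+                        if( isset( $pass_score_labels[ $pass_score ] ) ) {
+                                /* translators: %s: password strength */
+                                $message .= sprintf( __( 'Password strength: %s' ), $pass_score_labels[ $pass_score ] ) . "\r\n";
+                        }
+
                         // The blogname option is escaped with esc_html on the way into the database in sanitize_option
                         // we want to reverse this for the plain text arena of emails.
                         $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );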
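Review bot: The added `Password strength: %s` line tells the administrator how strong the new password is, but the score it prints originates from the `wp-reset-pass-score` POST field shown in the wp-login.php section, which the browser fills in, so the person submitting the reset form decides which label the admin sees. Unless the score is recomputed on the server, the message should not read as a verified measurement; wording such as `__( 'Password strength (as reported by the browser): %s' )` and a matching sentence in the `$pass_score` docblock would make the trust level clear. `$new_pass` is added to the signature but is not used anywhere in the visible body, which continues past the end of the hunk. As a style point, `if( isset(` should be `if ( isset(` to match the surrounding code.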
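--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -2360,20 +2360,28 @@ function check_password_reset_key( $key, $login ) {
  * Handles resetting the user's password.
  *
  * @since 2.5.0
+ * @since x.x.x Adds the `$pass_score` input argument.
  *
- * @param WP_User $user     The user
- * @param string $new_pass New password for the user in plaintext
+ * @param WP_User $user      The user.
+ * @param string $new_pass   New password for the user in plaintext.
+ * @param int    $pass_score The password strength score for the new password. Expected values:
+ *                           -1 (unknown), 0 (worst), 1 (very weak), 2 (weak), 3 (medium), 4 (strong), 5 (mismatch)
+ *                           Default null.
  */
-function reset_password( $user, $new_pass ) {
+function reset_password( $user, $new_pass, $pass_score = null ) {
         /**
          * Fires before the user's password is reset.
          *
          * @since 1.5.0
+         * @since x.x.x Introduces the `$pass_score` input argument.
          *
-         * @param object $user     The user.
-         * @param string $new_pass New user password.
+         * @param object $user       The user.
+         * @param string $new_pass   New user password.
+         * @param int    $pass_score The password strength score for the new password. Expected values:
+         *                           -1 (unknown), 0 (worst), 1 (very weak), 2 (weak), 3 (medium), 4 (strong), 5 (mismatch)
+         *                           Default null.
          */
-        do_action( 'password_reset', $user, $new_pass );
+        do_action( 'password_reset', $user, $new_pass, $pass_score );
 
         wp_set_password( $new_pass, $user->ID );
         update_user_option( $user->ID, 'default_password_nag', false, true );
@@ -2382,11 +2390,15 @@ function reset_password( $user, $new_pass ) {
          * Fires after the user's password is reset.
          *
          * @since 4.4.0
+         * @since x.x.x Introduces the `$pass_score` input argument.
          *
-         * @param WP_User $user     The user.
-         * @param string  $new_pass New user password.
+         * @param WP_User $user      The user.
+         * @param string  $new_pass  New user password.
+         * @param int    $pass_score The password strength score for the new password. Expected values:
+         *                           -1 (unknown), 0 (worst), 1 (very weak), 2 (weak), 3 (medium), 4 (strong), 5 (mismatch)
+         *                           Default null.
          */
-        do_action( 'after_password_reset', $user, $new_pass );
+        do_action( 'after_password_reset', $user, $new_pass, $pass_score );
 }
 
 /**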
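Review bot: The three new `$pass_score` docblocks declare the parameter as `int` while also stating `Default null`, so the documented type should be `int|null`, e.g. `@param int|null $pass_score The password strength score …`. Because both hooks now hand the score to third-party callbacks, the description should also say that the value is whatever the reset form submitted and has only been range-checked, not computed by the server. In the `after_password_reset` docblock the new `@param int    $pass_score` line is not aligned with the `WP_User` and `string` rows above it.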
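--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -670,6 +670,19 @@ switch ( $action ) {
                         }
                         exit;
                 }
+                       
+                $pass_score = null;
+
+                /**
+                 *  Validate the input for the password strength score.
+                 *
+                 *  Allowed values: -1 (unknown), 0 (worst), 1 (very weak), 2 (weak), 3 (medium), 4 (strong), 5 (mismatch).
+                 */
+                if ( isset( $_POST['wp-reset-pass-score'] ) && is_numeric( $_POST['wp-reset-pass-score'] ) ) {
+                        if ( -1 <= (int) $_POST['wp-reset-pass-score'] && (int) $_POST['wp-reset-pass-score'] <= 5 ) {
+                                $pass_score = (int) $_POST['wp-reset-pass-score'];
+                        }
+                }
 
                 $errors = new WP_Error();
 
@@ -681,13 +694,20 @@ switch ( $action ) {
                  * Fires before the password reset procedure is validated.
                  *
                  * @since 3.5.0
+                 * @since x.x.x Introduces the `$pass_score` input argument.
                  *
-                 * @param object           $errors WP Error object.
-                 * @param WP_User|WP_Error $user   WP_User object if the login and reset key match. WP_Error object otherwise.
+                 * @param object           $errors     WP Error object.
+                 * @param WP_User|WP_Error $user       WP_User object if the login and reset key match. WP_Error object otherwise.
+                 * @param int              $pass_score The password strength score for the new password. Expected values:
+                 *                                     -1 (unknown), 0 (worst), 1 (very weak), 2 (weak), 3 (medium), 4 (strong), 5 (mismatch)
+                 *                                     Default null.
                  */
-                do_action( 'validate_password_reset', $errors, $user );
+                do_action( 'validate_password_reset', $errors, $user, $pass_score );
 
                 if ( ( ! $errors->has_errors() ) && isset( $_POST['pass1'] ) && ! empty( $_POST['pass1'] ) ) {
+
+                        reset_password( $user, $_POST['pass1'], $pass_score );
+
                         reset_password( $user, $_POST['pass1'] );
                         setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
                         login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
@@ -745,6 +765,7 @@ switch ( $action ) {
         do_action( 'resetpass_form', $user );
         ?>
         <input type="hidden" name="rp_key" value="<?php echo esc_attr( $rp_key ); ?>" />
+        <input type="hidden" name="wp-reset-pass-score" id="wp-reset-pass-score" value="" />
         <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Reset Password' ); ?>" /></p>
         </form>
 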
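Review bot: The new side calls `reset_password()` twice: the added `reset_password( $user, $_POST['pass1'], $pass_score );` at new line 709 is followed by the original `reset_password( $user, $_POST['pass1'] );`, which appears as context at new line 711 instead of being removed. As written the password is set twice and `password_reset` / `after_password_reset` fire twice, so the admin notification would presumably be sent once with the score and once without it; the old call should be deleted. The range check above bounds `$_POST['wp-reset-pass-score']` to -1..5 but cannot make a client-filled hidden field trustworthy, and its comment should say so, for example `// Client-supplied: informational only, never use for policy decisions.`. The added line 673 contains only trailing whitespace, and the enclosing `switch` case begins and ends outside these hunks.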