Ticket #45845: 45845.3.diff

src/wp-includes/user.php

@@ -2317 +2317 @@
                 return new WP_Error( 'invalid_key', __( 'Invalid key.' ) );
         }
 
-        $row = $wpdb->get_row( $wpdb->prepare( "SELECT ID, user_activation_key FROM $wpdb->users WHERE user_login = %s", $login ) );
-        if ( ! $row ) {
+        $user = get_user_by( 'login', $login );
+        if ( ! $user ) {
                 return new WP_Error( 'invalid_key', __( 'Invalid key.' ) );
         }
 
@@ -2336 +2336 @@
          */
         $expiration_duration = apply_filters( 'password_reset_expiration', DAY_IN_SECONDS );
 
-        if ( false !== strpos( $row->user_activation_key, ':' ) ) {
-                list( $pass_request_time, $pass_key ) = explode( ':', $row->user_activation_key, 2 );
+        if ( false !== strpos( $user->user_activation_key, ':' ) ) {
+                list( $pass_request_time, $pass_key ) = explode( ':', $user->user_activation_key, 2 );
                 $expiration_time                      = $pass_request_time + $expiration_duration;
         } else {
-                $pass_key        = $row->user_activation_key;
+                $pass_key        = $user->user_activation_key;
                 $expiration_time = false;
         }
 
@@ -2351 +2351 @@
         $hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key );
 
         if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) {
-                return get_userdata( $row->ID );
+                return get_userdata( $user->ID );
         } elseif ( $hash_is_correct && $expiration_time ) {
                 // Key has an expiration time that's passed
                 return new WP_Error( 'expired_key', __( 'Invalid key.' ) );
         }
 
-        if ( hash_equals( $row->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) {
+        if ( hash_equals( $user->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) {
                 $return  = new WP_Error( 'expired_key', __( 'Invalid key.' ) );
-                $user_id = $row->ID;
+                $user_id = $user->ID;
 
                 /**
                  * Filters the return value of check_password_reset_key() when an

tests/phpunit/tests/auth.php

@@ -242 +242 @@
                                 'ID' => $this->user->ID,
                         )
                 );
+                clean_user_cache( $this->user );
 
                 // A valid key should be accepted
                 $check = check_password_reset_key( $key, $this->user->user_login );
@@ -279 +280 @@
                                 'ID' => $this->user->ID,
                         )
                 );
+                clean_user_cache( $this->user );
 
                 // An expired but otherwise valid key should be rejected
                 $check = check_password_reset_key( $key, $this->user->user_login );
@@ -316 +318 @@
                                 'ID' => $this->user->ID,
                         )
                 );
+                clean_user_cache( $this->user );
 
                 // A legacy user_activation_key should not be accepted
                 $check = check_password_reset_key( $key, $this->user->user_login );
@@ -345 +348 @@
                                 'ID' => $this->user->ID,
                         )
                 );
+                clean_user_cache( $this->user );
 
                 // A plaintext user_activation_key should not allow an otherwise valid key to be accepted
                 $check = check_password_reset_key( $key, $this->user->user_login );