Ticket #47352: 47352.diff

class-wp-recovery-mode-email-service.php

@@ -49 +49 @@
          */
         public function maybe_send_recovery_mode_email( $rate_limit, $error, $extension ) {
 
+                // Check if current admin email equals the email address that has last
+                // received a recovery email. If not, we should ignore the rate limit option.
+                // Retrieve last received email (md5 hash).
+                $last_received_recovery_email = get_option( 'recovery_mode_email_last_receiver' );
+                $current_admin_email_hash     = md5( $this->get_recovery_mode_email_address() );
+
                 $last_sent = get_option( self::RATE_LIMIT_OPTION );
 
-                if ( ! $last_sent || time() > $last_sent + $rate_limit ) {
+                if ( ( ! $last_sent || time() > $last_sent + $rate_limit ) ||
+                        $last_received_recovery_email !== $current_admin_email_hash
+                        ) {
                         if ( ! update_option( self::RATE_LIMIT_OPTION, time() ) ) {
                                 return new WP_Error( 'storage_error', __( 'Could not update the email last sent time.' ) );
                         }
@@ -203 +211 @@
                         $email['headers']
                 );
 
+                // We save the md5 hash of the last receiving email address, so that we can
+                // circumvent the rate limit of one email per 24h in case we have to
+                // update the admin_email to access the recovery email contents.
+                // See lines 52-62 for how this field is used for checks before sending emails.
+                update_option( 'recovery_mode_email_last_receiver', md5( $email['to'] ), false );
+
                 if ( $switched_locale ) {
                         restore_previous_locale();
                 }