Make WordPress Core

Changeset 30431 for branches/4.0


Ignore:
Timestamp:
11/20/2014 01:39:21 PM (10 years ago)
Author:
nacin
Message:

Invalidate password keys when a user's email changes.

Merges [30430] to the 4.0 branch.

Location:
branches/4.0
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/4.0

  • branches/4.0/src/wp-includes/user.php

    r29635 r30431  
    18191819
    18201820    if ( $update ) {
     1821        if ( $user_email !== $old_user_data->user_email ) {
     1822            $data['user_activation_key'] = '';
     1823        }
    18211824        $wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
    18221825        $user_id = (int) $ID;
  • branches/4.0/tests/phpunit/tests/user.php

    r29341 r30431  
    655655        $this->assertNotContains( 'key', $metas );
    656656    }
     657
     658    function test_changing_email_invalidates_password_reset_key() {
     659        global $wpdb;
     660
     661        $user = $this->factory->user->create_and_get();
     662        $wpdb->update( $wpdb->users, array( 'user_activation_key' => 'key' ), array( 'ID' => $user->ID ) );
     663        clean_user_cache( $user );
     664
     665        $user = get_userdata( $user->ID );
     666        $this->assertEquals( 'key', $user->user_activation_key );
     667
     668        // Check that changing something other than the email doesn't remove the key.
     669        $userdata = array(
     670            'ID'            => $user->ID,
     671            'user_nicename' => 'wat',
     672        );
     673        wp_update_user( $userdata );
     674
     675        $user = get_userdata( $user->ID );
     676        $this->assertEquals( 'key', $user->user_activation_key );
     677
     678        // Now check that changing the email does remove it.
     679        $userdata = array(
     680            'ID'            => $user->ID,
     681            'user_nicename' => 'cat',
     682            'user_email'    => 'foo@bar.dev',
     683        );
     684        wp_update_user( $userdata );
     685
     686        $user = get_userdata( $user->ID );
     687        $this->assertEmpty( $user->user_activation_key );
     688    }
    657689}
Note: See TracChangeset for help on using the changeset viewer.