WordPress.org

Make WordPress Core

Changeset 30432


Ignore:
Timestamp:
11/20/2014 01:41:33 PM (7 years ago)
Author:
nacin
Message:

Invalidate password keys when a user's email changes.

Merges [30430] to the 3.9 branch.

Location:
branches/3.9
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/3.9

  • branches/3.9/src/wp-includes/user.php

    r28087 r30432  
    17171717
    17181718    if ( $update ) {
     1719        if ( $user_email !== $old_user_data->user_email ) {
     1720            $data['user_activation_key'] = '';
     1721        }
    17191722        $wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
    17201723        $user_id = (int) $ID;
  • branches/3.9/tests/phpunit/tests/user.php

    r25440 r30432  
    628628        $this->assertInstanceOf( 'WP_Error', wp_update_user( array( 'ID' => $user_id ) ) );
    629629    }
     630
     631    function test_changing_email_invalidates_password_reset_key() {
     632        global $wpdb;
     633
     634        $user = $this->factory->user->create_and_get();
     635        $wpdb->update( $wpdb->users, array( 'user_activation_key' => 'key' ), array( 'ID' => $user->ID ) );
     636        clean_user_cache( $user );
     637
     638        $user = get_userdata( $user->ID );
     639        $this->assertEquals( 'key', $user->user_activation_key );
     640
     641        // Check that changing something other than the email doesn't remove the key.
     642        $userdata = array(
     643            'ID'            => $user->ID,
     644            'user_nicename' => 'wat',
     645        );
     646        wp_update_user( $userdata );
     647
     648        $user = get_userdata( $user->ID );
     649        $this->assertEquals( 'key', $user->user_activation_key );
     650
     651        // Now check that changing the email does remove it.
     652        $userdata = array(
     653            'ID'            => $user->ID,
     654            'user_nicename' => 'cat',
     655            'user_email'    => 'foo@bar.dev',
     656        );
     657        wp_update_user( $userdata );
     658
     659        $user = get_userdata( $user->ID );
     660        $this->assertEmpty( $user->user_activation_key );
     661    }
    630662}
Note: See TracChangeset for help on using the changeset viewer.